CVE-2007-3844

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DSA-1344-1 DSA-1345-1 DSA-1346-1 DSA-1391-1 DTSA-51-1 DTSA-52-1

Modified

Published: 08 Aug 2007, 01:11

Last modified:07 Aug 2024, 14:28

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

21.7% HIGH

22% probability +0.07%

KEV

Not listed

Ransomware

No reports

Public exploits

2 found

Dark Web

Not detected

Timeline

08 Aug 2007, 01:11

Published

Vulnerability first disclosed

07 Aug 2024, 14:28

Last Modified

Vulnerability information updated

Description

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 21.70%• Percentile: 96%

Affected Systems

mozilla•firefox
2.0.0.5
mozilla•seamonkey
1.1.3
mozilla•thunderbird
2.0.0.5