CVE-2007-0780

CVE-2007-0780 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.