CVE-2007-0780
Mozilla Firefox <1.5.0.10 & SeaMonkey <1.0.8 - XSS
Title source: llmDescription
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
References (47)
... and 27 more
Scores
EPSS
0.0215
EPSS Percentile
84.1%
Classification
CWE
CWE-79
Status
draft
Affected Products (5)
mozilla/firefox
< 1.5.0.10
mozilla/seamonkey
< 1.0.8
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
Timeline
Published
Feb 26, 2007
Tracked Since
Feb 18, 2026