CVE-2007-0780

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 1.5.x through 1.5.0.9 Mozilla Firefox versions 2.x through 2.0.0.1 SeaMonkey versions prior to 1.0.8

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. This is due to the use of the requesting URI to identify child windows in the browser.js file.

Recommendations For Mozilla Firefox versions 1.5.x through 1.5.0.9, update to version 1.5.0.10 or later. For Mozilla Firefox versions 2.x through 2.0.0.1, update to version 2.0.0.2 or later. For SeaMonkey versions prior to 1.0.8, update to version 1.0.8 or later.