PT-2007-5079 · Mozilla+1 · Firefox+3

Published: 2007-08-08 · Updated: 2018-10-15 · CVE-2007-3844

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 2.0.0.5 and earlier; Thunderbird versions 2.0.0.5 and earlier, and versions prior to 1.5.0.13; SeaMonkey version 1.1.3
Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges. This is achieved via an addon that inserts a javascript: or data: link into an about:blank document loaded by chrome. The document can be loaded using the window.open function or a content.location assignment.
Recommendations: For Mozilla Firefox versions 2.0.0.5 and earlier, update to a version that fixes the regression issue. For Thunderbird versions 2.0.0.5 and earlier, and versions prior to 1.5.0.13, update to a version that fixes the regression issue. For SeaMonkey version 1.1.3, update to a version that fixes the regression issue. As a temporary workaround, consider disabling the use of addons that insert javascript: or data: links into documents loaded by chrome until a patch is available.

Exploit

Fix


Related Identifiers

CVE-2007-3844
DSA-1344-1
DSA-1345-1
DSA-1346-1
DSA-1391-1
DTSA-51-1
DTSA-52-1
DTSA-53-1
DTSA-71-1
HPSBUX02153
RHSA-2007:0979
RHSA-2007:0980
RHSA-2007:0981
RHSA-2007_0979
RHSA-2007_0980
RHSA-2007_0981

Affected Products

Firefox
Red Hat
Seamonkey
Thunderbird