First published: Mon Feb 26 2007(Updated: )
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | >=1.5<1.5.0.10 | |
Mozilla Firefox | >=2.0<2.0.0.2 | |
Mozilla SeaMonkey | <1.0.8 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =6.10 | |
Canonical Ubuntu Linux | =5.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.