PublicDate: 2007-08-08 01:17:00 UTC
Candidate: CVE-2007-3844
References:
 https://ubuntu.com/security/notices/USN-493-1
 https://ubuntu.com/security/notices/USN-503-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
Description:
 Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and
 SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting
 (XSS) attacks with chrome privileges via an addon that inserts a (1)
 javascript: or (2) data: link into an about:blank document loaded by
 chrome via (a) the window.open function or (b) a content.location
 assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a
 CVE-2007-3089 regression.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
Bugs:

dapper_midbrowser: DNE
edgy_midbrowser: DNE
feisty_midbrowser: DNE
devel_midbrowser: released (0.1.6b-0ubuntu2)

dapper_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.06)
edgy_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.10)
feisty_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.7.04)
devel_mozilla-thunderbird: DNE

dapper_firefox: released (1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
edgy_firefox: released (2.0.0.6+0dfsg-0ubuntu0.6.10)
feisty_firefox: released (2.0.0.6+1-0ubuntu1)
devel_firefox: not-affected

dapper_iceape: DNE
edgy_iceape: DNE
feisty_iceape: DNE
devel_iceape: released (1.1.4-1ubuntu2)

upstream_firefox: needs-triage
upstream_iceape: needs-triage
upstream_midbrowser: needs-triage
upstream_mozilla-thunderbird: needs-triage