Vulnerability Name:

CVE-2007-3844 (CCN-35698)

Assigned:2007-07-31
Published:2007-07-31
Updated:2018-10-15
Summary:Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting."
Note: this issue is caused by a CVE-2007-3089 regression.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: UNKNOWN
http://bugzilla.mozilla.org/show_bug.cgi?id=388121

Source: MITRE
Type: CNA
CVE-2007-3844

Source: HP
Type: UNKNOWN
HPSBUX02153

Source: HP
Type: UNKNOWN
HPSBUX02156

Source: CCN
Type: RHSA-2007-0979
Critical: firefox security update

Source: CCN
Type: RHSA-2007-0980
Critical: seamonkey security update

Source: CCN
Type: RHSA-2007-0981
Moderate: thunderbird security update

Source: SECUNIA
Type: UNKNOWN
26234

Source: SECUNIA
Type: UNKNOWN
26258

Source: CCN
Type: SA26288
Mozilla Products Addon Chrome-Loaded "about:blank" Cross-Context Scripting

Source: SECUNIA
Type: Patch, Vendor Advisory
26288

Source: SECUNIA
Type: UNKNOWN
26303

Source: SECUNIA
Type: UNKNOWN
26309

Source: SECUNIA
Type: UNKNOWN
26331

Source: SECUNIA
Type: UNKNOWN
26335

Source: SECUNIA
Type: UNKNOWN
26393

Source: SECUNIA
Type: UNKNOWN
26460

Source: SECUNIA
Type: UNKNOWN
26572

Source: SECUNIA
Type: UNKNOWN
27276

Source: SECUNIA
Type: UNKNOWN
27298

Source: SECUNIA
Type: UNKNOWN
27325

Source: SECUNIA
Type: UNKNOWN
27326

Source: SECUNIA
Type: UNKNOWN
27327

Source: SECUNIA
Type: UNKNOWN
27356

Source: SECUNIA
Type: UNKNOWN
27414

Source: SECUNIA
Type: UNKNOWN
27680

Source: CCN
Type: SA28135
Sun Solaris Firefox / Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28135

Source: SECUNIA
Type: UNKNOWN
28363

Source: CCN
Type: SECTRACK ID: 1018479
Mozilla Firefox `about:blank` Privilege Escalation Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1018479

Source: CCN
Type: SECTRACK ID: 1018480
Mozilla Seamonkey `about:blank` Privilege Escalation Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1018480

Source: CCN
Type: SECTRACK ID: 1018481
Mozilla Thunderbird `about:blank` Privilege Escalation Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1018481

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-213-01

Source: CCN
Type: Sun Alert ID: 103177
Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data

Source: SUNALERT
Type: UNKNOWN
103177

Source: SUNALERT
Type: UNKNOWN
201516

Source: CCN
Type: ASA-2007-447
Firefox security update (RHSA-2007-0979)

Source: CCN
Type: ASA-2007-459
seamonkey security update (RHSA-2007-0980)

Source: CCN
Type: ASA-2007-461
thunderbird security update (RHSA-2007-0981)

Source: CCN
Type: ASA-2008-008
Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data (Sun 103177)

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Source: DEBIAN
Type: UNKNOWN
DSA-1344

Source: DEBIAN
Type: UNKNOWN
DSA-1345

Source: DEBIAN
Type: UNKNOWN
DSA-1346

Source: DEBIAN
Type: UNKNOWN
DSA-1391

Source: DEBIAN
Type: DSA-1344
iceweasel -- several vulnerabilities

Source: DEBIAN
Type: DSA-1345
xulrunner -- several vulnerabilities

Source: DEBIAN
Type: DSA-1346
iceape -- several vulnerabilities

Source: DEBIAN
Type: DSA-1391
icedove -- several vulnerabilities

Source: CCN
Type: GLSA-200708-09
Mozilla products: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200708-09

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:152

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2007:047

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:047

Source: CCN
Type: MFSA 2007-26
Privilege escalation through chrome-loaded about:blank windows

Source: CONFIRM
Type: Patch
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:057

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0979

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0980

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0981

Source: BUGTRAQ
Type: UNKNOWN
20070801 FLEA-2007-0039-1 firefox

Source: BUGTRAQ
Type: UNKNOWN
20070803 FLEA-2007-0040-1 thunderbird

Source: BID
Type: Exploit, Patch
25142

Source: CCN
Type: BID-25142
Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability

Source: CCN
Type: USN-493-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-493-1

Source: CCN
Type: USN-503-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-503-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-3587

Source: VUPEN
Type: UNKNOWN
ADV-2007-4256

Source: VUPEN
Type: UNKNOWN
ADV-2008-0082

Source: XF
Type: UNKNOWN
mozilla-aboutblank-code-execution(35698)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1600

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9493

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-3431

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2601

Source: SUSE
Type: SUSE-SA:2007:057
Mozilla Security Update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20073844
    V
    		CVE-2007-3844
    2015-11-16
    oval:org.mitre.oval:def:17637
    P
    		USN-503-1 -- mozilla-thunderbird vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18825
    P
    		DSA-1344-1 iceweasel
    2014-06-23
    oval:org.mitre.oval:def:20237
    P
    		DSA-1345-1 xulrunner
    2014-06-23
    oval:org.mitre.oval:def:17867
    P
    		DSA-1391-1 icedove - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:18682
    P
    		DSA-1346-1 iceape
    2014-06-23
    oval:org.mitre.oval:def:22422
    P
    		ELSA-2007:0981: thunderbird security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21818
    P
    		ELSA-2007:0979: firefox security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:9493
    V
    		Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
    2013-04-29
    oval:com.redhat.rhsa:def:20070979
    P
    		RHSA-2007:0979: firefox security update (Critical)
    2008-03-20
    oval:com.redhat.rhsa:def:20070981
    P
    		RHSA-2007:0981: thunderbird security update (Moderate)
    2008-03-20
    oval:com.redhat.rhsa:def:20070980
    P
    		RHSA-2007:0980: seamonkey security update (Critical)
    2007-10-19
    oval:org.debian:def:1391
    V
    		several vulnerabilities
    2007-10-19
    oval:org.debian:def:1345
    V
    		several vulnerabilities
    2007-08-04
    oval:org.debian:def:1346
    V
    		several vulnerabilities
    2007-08-04
    oval:org.debian:def:1344
    V
    		several vulnerabilities
    2007-08-03
    BACK
    mozilla firefox 2.0.0.5
    mozilla seamonkey 1.1.3
    mozilla thunderbird 2.0.0.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla thunderbird 1.5.0.7
    mozilla thunderbird 1.5.0.9
    mozilla firefox 2.0.0.5
    mozilla thunderbird 2.0.0.5
    mozilla seamonkey 1.1.3
    mozilla thunderbird 1.5.0.10
    mozilla thunderbird 1.5.0.11
    mozilla thunderbird 1.5.0.12
    mozilla thunderbird 1.5.0.6
    mozilla thunderbird 1.5.0.5
    mozilla thunderbird 1.5.0.8
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.3
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.1
    gentoo linux *
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux school server -
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    sun solaris 10
    sun solaris 10
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    suse suse linux 10.1
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3