CVE-2007-3844
The MITRE CVE dictionary describes this issue as:
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
Find out more about CVE-2007-3844 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250648
The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (thunderbird) | RHSA-2007:0981 | 2007-10-19 |
| Red Hat Enterprise Linux 4 (seamonkey) | RHSA-2007:0980 | 2007-10-19 |
| Red Hat Enterprise Linux 4 (thunderbird) | RHSA-2007:0981 | 2007-10-19 |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2007:0979 | 2007-10-19 |
| Red Hat Enterprise Linux 3 (seamonkey) | RHSA-2007:0980 | 2007-10-19 |
| Red Hat Enterprise Linux 5 (firefox) | RHSA-2007:0979 | 2007-10-19 |
| Red Hat Enterprise Linux 2.1 (seamonkey) | RHSA-2007:0980 | 2007-10-19 |
| Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) | RHSA-2007:0981 | 2007-10-19 |
CVE description copyright © 2017, The MITRE Corporation