VYPR
Unrated severityNVD Advisory· Published Feb 26, 2007· Updated Jun 16, 2026

CVE-2007-0780

CVE-2007-0780

Description

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9

Patches

Vulnerability mechanics

References

47

News mentions

0

No linked articles in our index yet.