CVE-2008-1234

medium

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

References

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9551

https://exchange.xforce.ibmcloud.com/vulnerabilities/41455

http://www.vupen.com/english/advisories/2008/2091/references

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/0999/references

http://www.vupen.com/english/advisories/2008/0998/references

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.ubuntu.com/usn/usn-605-1

http://www.ubuntu.com/usn/usn-592-1

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313

http://www.securitytracker.com/id?1019694

http://www.securityfocus.com/bid/28448

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:155

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.kb.cert.org/vuls/id/466521

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.debian.org/security/2008/dsa-1574

http://www.debian.org/security/2008/dsa-1535

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1532

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://secunia.com/advisories/31043

http://secunia.com/advisories/30620

http://secunia.com/advisories/30370

http://secunia.com/advisories/30327

http://secunia.com/advisories/30192

http://secunia.com/advisories/30105

http://secunia.com/advisories/30094

http://secunia.com/advisories/30016

http://secunia.com/advisories/29645

http://secunia.com/advisories/29616

http://secunia.com/advisories/29607

http://secunia.com/advisories/29560

http://secunia.com/advisories/29558

http://secunia.com/advisories/29550

http://secunia.com/advisories/29548

http://secunia.com/advisories/29547

http://secunia.com/advisories/29541

http://secunia.com/advisories/29539

http://secunia.com/advisories/29526

http://secunia.com/advisories/29391

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

Details

Source: Mitre, NVD

Published: 2008-03-27

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium