CVE-2008-1234

MEDIUM

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

References

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://secunia.com/advisories/29391

http://secunia.com/advisories/29526

http://secunia.com/advisories/29539

http://secunia.com/advisories/29541

http://secunia.com/advisories/29547

http://secunia.com/advisories/29548

http://secunia.com/advisories/29550

http://secunia.com/advisories/29558

http://secunia.com/advisories/29560

http://secunia.com/advisories/29607

http://secunia.com/advisories/29616

http://secunia.com/advisories/29645

http://secunia.com/advisories/30016

http://secunia.com/advisories/30094

http://secunia.com/advisories/30105

http://secunia.com/advisories/30192

http://secunia.com/advisories/30327

http://secunia.com/advisories/30370

http://secunia.com/advisories/30620

http://secunia.com/advisories/31043

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.debian.org/security/2008/dsa-1574

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.kb.cert.org/vuls/id/466521

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.mandriva.com/security/advisories?name=MDVSA-2008:155

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.securitytracker.com/id?1019694

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313

http://www.ubuntu.com/usn/usn-592-1

http://www.ubuntu.com/usn/usn-605-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.vupen.com/english/advisories/2008/0998/references

http://www.vupen.com/english/advisories/2008/0999/references

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/2091/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41455

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9551

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

Details

Source: MITRE

Published: 2008-03-27

Updated: 2018-10-11

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM