[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1234Date: (C)2008-03-27   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1019694
http://www.securityfocus.com/archive/1/490196/100/0/threaded
SUNALERT-238492
SUNALERT-239546
BID-28448
SECUNIA-29391
SECUNIA-29526
SECUNIA-29539
SECUNIA-29541
SECUNIA-29547
SECUNIA-29548
SECUNIA-29550
SECUNIA-29558
SECUNIA-29560
SECUNIA-29607
SECUNIA-29616
SECUNIA-29645
SECUNIA-30016
SECUNIA-30094
SECUNIA-30105
SECUNIA-30192
SECUNIA-30327
SECUNIA-30370
SECUNIA-30620
SECUNIA-31043
ADV-2008-0998
ADV-2008-0999
ADV-2008-1793
ADV-2008-2091
DSA-1532
DSA-1534
DSA-1535
DSA-1574
FEDORA-2008-3519
FEDORA-2008-3557
GLSA-200805-18
MDVSA-2008:080
MDVSA-2008:155
RHSA-2008:0207
RHSA-2008:0208
RHSA-2008:0209
SSA:2008-128-02
SUSE-SA:2008:019
TA08-087A
USN-592-1
USN-605-1
VU#466521
firefox-eventhandlers-xss(41455)
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
oval:org.mitre.oval:def:9551

CPE    3
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox
CWE    1
CWE-79
OVAL    7
oval:org.secpod.oval:def:301399
oval:org.mitre.oval:def:7681
oval:org.mitre.oval:def:7395
oval:org.mitre.oval:def:7869
...

© SecPod Technologies