[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-3835Date: (C)2008-09-24   (M)2024-02-09


The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1020919
SUNALERT-256408
BID-31346
SECUNIA-31984
SECUNIA-31985
SECUNIA-32007
SECUNIA-32010
SECUNIA-32012
SECUNIA-32025
SECUNIA-32042
SECUNIA-32044
SECUNIA-32082
SECUNIA-32092
SECUNIA-32144
SECUNIA-32185
SECUNIA-32196
SECUNIA-32845
SECUNIA-33433
SECUNIA-33434
SECUNIA-34501
ADV-2008-2661
ADV-2009-0977
DSA-1649
DSA-1669
DSA-1696
DSA-1697
FEDORA-2008-8401
FEDORA-2008-8429
MDVSA-2008:205
MDVSA-2008:206
RHSA-2008:0882
RHSA-2008:0908
SSA:2008-269-01
SSA:2008-269-02
SSA:2008-270-01
SUSE-SA:2008:050
USN-645-1
USN-645-2
USN-647-1
firefox-onchannelredirect-security-bypass(45347)
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
https://bugzilla.mozilla.org/show_bug.cgi?id=439034
oval:org.mitre.oval:def:9643

CPE    118
cpe:/a:mozilla:thunderbird:2.0.0.14
cpe:/a:mozilla:thunderbird:2.0.0.15
cpe:/a:mozilla:thunderbird:2.0.0.11
cpe:/a:mozilla:thunderbird:2.0.0.12
...
CWE    1
CWE-264
OVAL    8
oval:org.secpod.oval:def:301362
oval:org.mitre.oval:def:7657
oval:org.secpod.oval:def:301323
oval:org.mitre.oval:def:8021
...

© SecPod Technologies