Lucene search

[email protected]CVE-2008-1234

HistoryMar 27, 2008 - 10:44 a.m.

CVE-2008-1234

2008-03-2710:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

1234

cross-site scripting

xss

mozilla firefox

thunderbird

seamonkey

universal xss

event handlers

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.4%

JSON

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka “Universal XSS using event handlers.”

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle2.0.0.12
mozilla:thunderbirdmozilla thunderbirdle2.0.0.12
mozilla:seamonkeymozilla seamonkeyle1.1.8

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	2.0.0.12
mozilla:thunderbird	mozilla thunderbird	le	2.0.0.12
mozilla:seamonkey	mozilla seamonkey	le	1.1.8

References

lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

rhn.redhat.com/errata/RHSA-2008-0208.html

secunia.com/advisories/29391

secunia.com/advisories/29526

secunia.com/advisories/29539

secunia.com/advisories/29541

secunia.com/advisories/29547

secunia.com/advisories/29548

secunia.com/advisories/29550

secunia.com/advisories/29558

secunia.com/advisories/29560

secunia.com/advisories/29607

secunia.com/advisories/29616

secunia.com/advisories/29645

secunia.com/advisories/30016

secunia.com/advisories/30094

secunia.com/advisories/30105

secunia.com/advisories/30192

secunia.com/advisories/30327

secunia.com/advisories/30370

secunia.com/advisories/30620

secunia.com/advisories/31043

sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

www.debian.org/security/2008/dsa-1532

www.debian.org/security/2008/dsa-1534

www.debian.org/security/2008/dsa-1535

www.debian.org/security/2008/dsa-1574

www.gentoo.org/security/en/glsa/glsa-200805-18.xml

www.kb.cert.org/vuls/id/466521

www.mandriva.com/security/advisories?name=MDVSA-2008:080

www.mandriva.com/security/advisories?name=MDVSA-2008:155

www.mozilla.org/security/announce/2008/mfsa2008-14.html

www.redhat.com/support/errata/RHSA-2008-0207.html

www.redhat.com/support/errata/RHSA-2008-0209.html

www.securityfocus.com/archive/1/490196/100/0/threaded

www.securityfocus.com/bid/28448

www.securitytracker.com/id?1019694

www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313

www.ubuntu.com/usn/usn-592-1

www.ubuntu.com/usn/usn-605-1

www.us-cert.gov/cas/techalerts/TA08-087A.html

www.vupen.com/english/advisories/2008/0998/references

www.vupen.com/english/advisories/2008/0999/references

www.vupen.com/english/advisories/2008/1793/references

www.vupen.com/english/advisories/2008/2091/references

exchange.xforce.ibmcloud.com/vulnerabilities/41455

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9551

www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2008-1234

prion1 ubuntucve1 veracode1 securityvulns2 mozilla1 cert1 nessus38 openvas88 ubuntu2 slackware1 fedora32 debian5 redhat3 osv5 centos4 oraclelinux3 seebug1 freebsd1 suse2 gentoo1