Mozilla security researcher moz_bug_r_a4 reported that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website.

CPENameOperatorVersion
firefoxlt2.0.0.17
seamonkeylt1.1.12
thunderbirdlt2.0.0.17

Name	Operator	Version
firefox	lt	2.0.0.17
seamonkey	lt	1.1.12
thunderbird	lt	2.0.0.17

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835

bugzilla.mozilla.org/show_bug.cgi?id=439034

cve 1

prion 1

ubuntucve 1

securityvulns 2

cvelist 1

veracode 1

openvas 59

nessus 39

oraclelinux 2

redhat 2

centos 3

ubuntu 4

debian 4

osv 4

freebsd 1

seebug 1

suse 2

fedora 2

gentoo 1

cve

CVE-2008-3835

2008-09-24 20:37:00

prion

Design/Logic Flaw

2008-09-24 20:37:00

ubuntucve

CVE-2008-3835

2008-09-24 00:00:00

securityvulns

Mozilla Foundation Security Advisory 2008-38

2008-09-29 00:00:00

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2008-09-30 00:00:00

cvelist

CVE-2008-3835

2008-09-24 18:00:00

veracode

Privilege Escalation

2020-04-10 00:25:29

openvas

CentOS Update for thunderbird CESA-2008:0908 centos4 x86_64

2009-02-27 00:00:00

CentOS Update for thunderbird CESA-2008:0908 centos4 i386

2009-02-27 00:00:00

Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird)

2009-04-09 00:00:00

nessus

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:206)

2009-04-23 00:00:00

RHEL 4 / 5 : thunderbird (RHSA-2008:0908)

2008-10-02 00:00:00

CentOS 4 / 5 : thunderbird (CESA-2008:0908)

2008-10-06 00:00:00

oraclelinux

thunderbird security update

2008-10-01 00:00:00

seamonkey security update

2008-09-24 00:00:00

redhat

(RHSA-2008:0908) Moderate: thunderbird security update

2008-10-01 00:00:00

(RHSA-2008:0882) Critical: seamonkey security update

2008-09-23 00:00:00

centos

thunderbird security update

2008-10-03 18:55:22

seamonkey security update

2008-09-24 14:22:25

seamonkey security update

2008-09-24 23:08:13

ubuntu

Thunderbird vulnerabilities

2008-09-26 00:00:00

Firefox and xulrunner regression

2008-09-25 00:00:00

Firefox vulnerabilities

2008-09-24 00:00:00

debian

[SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities

2008-10-08 20:16:14

[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities

2008-11-23 20:30:10

[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities

2009-01-07 21:32:33

osv

iceweasel - several vulnerabilities

2008-10-08 00:00:00

xulrunner - several vulnerabilities

2008-11-23 00:00:00

icedove - several vulnerabilities

2009-01-07 00:00:00

freebsd

mozilla -- multiple vulnerabilities

2008-09-24 00:00:00

seebug

Mozilla Firefox/SeaMonkey/Thunderbird多个远程漏洞

2008-09-25 00:00:00

suse

remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey,mozilla

2008-10-08 17:24:56

Firefox update to 31.1esr (important)

2014-09-09 18:04:16

fedora

[SECURITY] Fedora 8 Update: thunderbird-2.0.0.18-1.fc8

2008-11-21 10:57:04

[SECURITY] Fedora 9 Update: thunderbird-2.0.0.18-1.fc9

2008-11-21 11:04:30

gentoo

Mozilla Products: Multiple vulnerabilities

2013-01-08 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for MFSA2008-38