CVE-2008-2800

Current Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.

Basic Data

Published: July 07, 2008
Last Modified: October 11, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
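    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mozilla | Firefox | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | * | * | * | * | * | * | * | * | | 2.0.0.14 | |
    2.3 | Application | Mozilla | Seamonkey | 1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | * | * | * | * | * | * | * | * | | 1.1.9 | |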

Vulnerable Software List

Vendor | Product | Versions
Mozilla | Firefox | *, 2.0, 2.0.0.1, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9
Mozilla | Seamonkey | *, 1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8

References

Name | Source | URL | Tags
SUSE-SA:2008:034 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html |
RHSA-2008:0616 | REDHAT | http://rhn.redhat.com/errata/RHSA-2008-0616.html |
30878 | SECUNIA | http://secunia.com/advisories/30878 |
30898 | SECUNIA | http://secunia.com/advisories/30898 |
30903 | SECUNIA | http://secunia.com/advisories/30903 |
30911 | SECUNIA | http://secunia.com/advisories/30911 | Vendor Advisory
30949 | SECUNIA | http://secunia.com/advisories/30949 |
31005 | SECUNIA | http://secunia.com/advisories/31005 |
31008 | SECUNIA | http://secunia.com/advisories/31008 |
31021 | SECUNIA | http://secunia.com/advisories/31021 |
31023 | SECUNIA | http://secunia.com/advisories/31023 |
31069 | SECUNIA | http://secunia.com/advisories/31069 |
31076 | SECUNIA | http://secunia.com/advisories/31076 |
31183 | SECUNIA | http://secunia.com/advisories/31183 |
31195 | SECUNIA | http://secunia.com/advisories/31195 |
31377 | SECUNIA | http://secunia.com/advisories/31377 |
33433 | SECUNIA | http://secunia.com/advisories/33433 |
34501 | SECUNIA | http://secunia.com/advisories/34501 |
GLSA-200808-03 | GENTOO | http://security.gentoo.org/glsa/glsa-200808-03.xml |
SSA:2008-191-03 | SLACKWARE | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 |
SSA:2008-191 | SLACKWARE | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 |
256408 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 |
http://wiki.rpath.com/Advisories:rPSA-2008-0216 | CONFIRM | http://wiki.rpath.com/Advisories:rPSA-2008-0216 |
DSA-1607 | DEBIAN | http://www.debian.org/security/2008/dsa-1607 |
DSA-1615 | DEBIAN | http://www.debian.org/security/2008/dsa-1615 |
DSA-1697 | DEBIAN | http://www.debian.org/security/2009/dsa-1697 |
MDVSA-2008:136 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | CONFIRM | http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 |
http://www.mozilla.org/security/announce/2008/mfsa2008-22.html | CONFIRM | http://www.mozilla.org/security/announce/2008/mfsa2008-22.html |
RHSA-2008:0547 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0547.html |
RHSA-2008:0549 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0549.html |
RHSA-2008:0569 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0569.html |
20080708 rPSA-2008-0216-1 firefox | BUGTRAQ | http://www.securityfocus.com/archive/1/494080/100/0/threaded |
30038 | BID | http://www.securityfocus.com/bid/30038 |
1020419 | SECTRACK | http://www.securitytracker.com/id?1020419 |
USN-619-1 | UBUNTU | http://www.ubuntu.com/usn/usn-619-1 |
ADV-2008-1993 | VUPEN | http://www.vupen.com/english/advisories/2008/1993/references |
ADV-2009-0977 | VUPEN | http://www.vupen.com/english/advisories/2009/0977 |
https://bugzilla.mozilla.org/show_bug.cgi?id=428672 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=428672 |
https://bugzilla.mozilla.org/show_bug.cgi?id=432591 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=432591 |
https://bugzilla.mozilla.org/show_bug.cgi?id=433328 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=433328 |
https://bugzilla.mozilla.org/show_bug.cgi?id=439035 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=439035 |
https://bugzilla.mozilla.org/show_bug.cgi?id=440308 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=440308 |
https://issues.rpath.com/browse/RPL-2646 | CONFIRM | https://issues.rpath.com/browse/RPL-2646 |
oval:org.mitre.oval:def:9386 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9386 |
FEDORA-2008-6127 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html |
FEDORA-2008-6193 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html |
FEDORA-2008-6196 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html |