CVE-2008-1234Cross-site Scripting in Mozilla Firefox

CWE-79Cross-site Scripting10 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
7.2%
top 8.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedMar 27
Latest updateApr 23

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox2.0.0.12
NVDmozilla/thunderbird2.0.0.12

🔴Vulnerability Details

1
GHSA
GHSA-94wq-jwp8-mvj5: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 22022-04-23

💥Exploits & PoCs

4
Exploit-DB
IBM Rational ClearCase 7/8 - Cross-Site Scripting2008-12-01
Exploit-DB
IGSuite 3.2.4 - Reverse Shell / Blind SQL Injection2008-06-22
Exploit-DB
Asterisk 1.2.x - SIP channel driver / in pedantic mode Remote Crash2008-06-05
Exploit-DB
WordPress MU < 1.3.2 - 'active_plugins' Code Execution2008-02-05

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2008-05-06
Ubuntu
Firefox vulnerabilities2008-03-26
Red Hat
universal XSS using event handlers2008-03-25

💬Community

1
Bugzilla
CVE-2008-1234 universal XSS using event handlers2008-03-24
CVE-2008-1234 — Cross-site Scripting in Mozilla Firefox | cvebase