CVE-2008-3835 — Mozilla Firefox vulnerability

CWE-2649 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 68.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedSep 24

Latest updateMay 2

Description

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox2.0.0.16+47

▶NVDmozilla/seamonkey1.1.11+14

▶NVDmozilla/thunderbird2.0.0.16+58

🔴Vulnerability Details

GHSA

GHSA-359f-mc8p-j8g3: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2↗2022-05-02

▶

CVEList

CVE-2008-3835: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2↗2008-09-24

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2008-09-26

▶

Ubuntu

Firefox and xulrunner regression↗2008-09-25

▶

Ubuntu

Firefox vulnerabilities↗2008-09-24

▶

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-09-24

▶

Red Hat

mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation↗2008-09-23

▶

💬Community

Bugzilla

CVE-2008-3835 mozilla: nsXMLDocument::OnChannelRedirect() same-origin violation↗2008-09-22

▶