CVE-2008-3836 — Cross-site Scripting in Mozilla Firefox

CWE-264 CWE-79 — Cross-site Scripting10 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedSep 24

Latest updateMay 17

Description

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox2.0.0.18+58

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-hph5-qh8m-x8v8: Mozilla Firefox 2↗2022-05-17

▶

GHSA

GHSA-v3vw-x43v-2399: feedWriter in Mozilla Firefox before 2↗2022-05-02

▶

📋Vendor Advisories

Red Hat

Firefox 2 XSS attack vectors in feed preview↗2008-12-16

▶

Ubuntu

Firefox and xulrunner regression↗2008-09-25

▶

Ubuntu

Firefox vulnerabilities↗2008-09-24

▶

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-09-24

▶

Red Hat

mozilla: Privilege escalation using feed preview page and XSS flaw↗2008-09-23

▶

💬Community

Bugzilla

CVE-2008-3836 mozilla: Privilege escalation using feed preview page and XSS flaw↗2008-09-22

▶