CVE-2008-4723 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 56.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedOct 23

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.0.1, 3.0.2, 3.0.3+2

🔴Vulnerability Details

GHSA

GHSA-53xr-44wj-pxch: Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3↗2022-05-17

▶

📋Vendor Advisories

Red Hat

firefox: remote arbitrary web script or HTML injection via an ftp:// URL↗2008-10-21

▶

💬Community

Bugzilla

CVE-2008-4723 firefox: remote arbitrary web script or HTML injection via an ftp:// URL↗2008-10-24

▶