CVE-2008-5504 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

7.5HIGHNVD

EPSS

3.2%

top 13.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedDec 17

Latest updateMay 17

Description

Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox2.0.0.18+18

🔴Vulnerability Details

GHSA

GHSA-hph5-qh8m-x8v8: Mozilla Firefox 2↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2008-12-18

▶

Red Hat

Firefox 2 XSS attack vectors in feed preview↗2008-12-16

▶

💬Community

Bugzilla

CVE-2008-5504 Firefox 2 XSS attack vectors in feed preview↗2008-12-12

▶