7.5

CVE-2008-3835

EPSS 0.14%
Published 24.09.2008 20:37:04
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 47

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 2.0.0.16

Mozilla ≫ Firefox Version0.8

Mozilla ≫ Firefox Version0.9

Mozilla ≫ Firefox Version0.9 Updaterc

Mozilla ≫ Firefox Version0.9.1

Mozilla ≫ Firefox Version0.9.2

Mozilla ≫ Firefox Version0.9.3

Mozilla ≫ Firefox Version0.9_rc

Mozilla ≫ Firefox Version0.10

Mozilla ≫ Firefox Version0.10.1

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.0.7

Mozilla ≫ Firefox Version1.0.8

Mozilla ≫ Firefox Version1.5

Mozilla ≫ Firefox Version1.5 Updatebeta1

Mozilla ≫ Firefox Version1.5 Updatebeta2

Mozilla ≫ Firefox Version1.5.0.1

Mozilla ≫ Firefox Version1.5.0.2

Mozilla ≫ Firefox Version1.5.0.3

Mozilla ≫ Firefox Version1.5.0.4

Mozilla ≫ Firefox Version1.5.0.5

Mozilla ≫ Firefox Version1.5.0.6

Mozilla ≫ Firefox Version1.5.0.7

Mozilla ≫ Firefox Version1.5.0.8

Mozilla ≫ Firefox Version1.5.0.9

Mozilla ≫ Firefox Version1.5.0.10

Mozilla ≫ Firefox Version1.5.0.11

Mozilla ≫ Firefox Version1.5.0.12

Mozilla ≫ Firefox Version1.5.1

Mozilla ≫ Firefox Version1.5.2

Mozilla ≫ Firefox Version1.5.3

Mozilla ≫ Firefox Version1.5.4

Mozilla ≫ Firefox Version1.5.5

Mozilla ≫ Firefox Version1.5.6

Mozilla ≫ Firefox Version1.5.7

Mozilla ≫ Firefox Version1.5.8

Mozilla ≫ Firefox Version1.8

Mozilla ≫ Firefox Version2.0

Mozilla ≫ Firefox Version2.0.0.1

Mozilla ≫ Firefox Version2.0.0.10

Mozilla ≫ Firefox Version2.0.0.11

Mozilla ≫ Firefox Version2.0.0.12

Mozilla ≫ Firefox Version2.0.0.13

Mozilla ≫ Firefox Version2.0.0.14

Mozilla ≫ Firefox Version2.0.0.15

Mozilla ≫ Seamonkey

Mozilla ≫ Seamonkey Version <= 1.1.11

Mozilla ≫ Seamonkey Version1.0

Mozilla ≫ Seamonkey Version1.0 Editionalpha

Mozilla ≫ Seamonkey Version1.0 Editiondev

Mozilla ≫ Seamonkey Version1.0 Updatebeta

Mozilla ≫ Seamonkey Version1.0.1

Mozilla ≫ Seamonkey Version1.0.2

Mozilla ≫ Seamonkey Version1.0.3

Mozilla ≫ Seamonkey Version1.0.4

Mozilla ≫ Seamonkey Version1.0.5

Mozilla ≫ Seamonkey Version1.0.6

Mozilla ≫ Seamonkey Version1.0.7

Mozilla ≫ Seamonkey Version1.0.8

Mozilla ≫ Seamonkey Version1.0.9

Mozilla ≫ Seamonkey Version1.0.99

Mozilla ≫ Seamonkey Version1.1

Mozilla ≫ Seamonkey Version1.1.1

Mozilla ≫ Seamonkey Version1.1.10

Mozilla ≫ Thunderbird

Mozilla ≫ Thunderbird Version <= 2.0.0.16

Mozilla ≫ Thunderbird Version0.1

Mozilla ≫ Thunderbird Version0.2

Mozilla ≫ Thunderbird Version0.3

Mozilla ≫ Thunderbird Version0.4

Mozilla ≫ Thunderbird Version0.5

Mozilla ≫ Thunderbird Version0.6

Mozilla ≫ Thunderbird Version0.7

Mozilla ≫ Thunderbird Version0.7.1

Mozilla ≫ Thunderbird Version0.7.2

Mozilla ≫ Thunderbird Version0.7.3

Mozilla ≫ Thunderbird Version0.8

Mozilla ≫ Thunderbird Version0.9

Mozilla ≫ Thunderbird Version1.0

Mozilla ≫ Thunderbird Version1.0.1

Mozilla ≫ Thunderbird Version1.0.2

Mozilla ≫ Thunderbird Version1.0.3

Mozilla ≫ Thunderbird Version1.0.4

Mozilla ≫ Thunderbird Version1.0.5

Mozilla ≫ Thunderbird Version1.0.5 Updatebeta

Mozilla ≫ Thunderbird Version1.0.6

Mozilla ≫ Thunderbird Version1.0.7

Mozilla ≫ Thunderbird Version1.0.8

Mozilla ≫ Thunderbird Version1.5

Mozilla ≫ Thunderbird Version1.5 Updatebeta2

Mozilla ≫ Thunderbird Version1.5.0.1

Mozilla ≫ Thunderbird Version1.5.0.2

Mozilla ≫ Thunderbird Version1.5.0.3

Mozilla ≫ Thunderbird Version1.5.0.4

Mozilla ≫ Thunderbird Version1.5.0.6

Mozilla ≫ Thunderbird Version1.5.0.7

Mozilla ≫ Thunderbird Version1.5.0.8

Mozilla ≫ Thunderbird Version1.5.0.9

Mozilla ≫ Thunderbird Version1.5.0.10

Mozilla ≫ Thunderbird Version1.5.0.11

Mozilla ≫ Thunderbird Version1.5.1

Mozilla ≫ Thunderbird Version1.5.2

Mozilla ≫ Thunderbird Version1.7.1

Mozilla ≫ Thunderbird Version1.7.3

Mozilla ≫ Thunderbird Version2.0.0.0

Mozilla ≫ Thunderbird Version2.0.0.1

Mozilla ≫ Thunderbird Version2.0.0.2

Mozilla ≫ Thunderbird Version2.0.0.3

Mozilla ≫ Thunderbird Version2.0.0.4

Mozilla ≫ Thunderbird Version2.0.0.5

Mozilla ≫ Thunderbird Version2.0.0.6

Mozilla ≫ Thunderbird Version2.0.0.8

Mozilla ≫ Thunderbird Version2.0.0.9

Mozilla ≫ Thunderbird Version2.0.0.11

Mozilla ≫ Thunderbird Version2.0.0.12

Mozilla ≫ Thunderbird Version2.0.0.13

Mozilla ≫ Thunderbird Version2.0.0.14

Mozilla ≫ Thunderbird Version2.0.0.15

Mozilla ≫ Thunderbird Version2.0_.4

Mozilla ≫ Thunderbird Version2.0_.5

Mozilla ≫ Thunderbird Version2.0_.6

Mozilla ≫ Thunderbird Version2.0_.9

Mozilla ≫ Thunderbird Version2.0_.12

Mozilla ≫ Thunderbird Version2.0_.13

Mozilla ≫ Thunderbird Version2.0_.14

Mozilla ≫ Thunderbird Version2.0_8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/33433

http://www.debian.org/security/2009/dsa-1697

http://secunia.com/advisories/33434

http://www.debian.org/security/2009/dsa-1696

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://www.vupen.com/english/advisories/2009/0977

http://download.novell.com/Download?buildid=WZXONb-tqBw~

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

http://secunia.com/advisories/31984

http://secunia.com/advisories/31985

http://secunia.com/advisories/32010

http://secunia.com/advisories/32012

http://secunia.com/advisories/32042

http://secunia.com/advisories/32044

http://secunia.com/advisories/32082

http://secunia.com/advisories/32092

http://secunia.com/advisories/32144

http://secunia.com/advisories/32185

http://secunia.com/advisories/32196

http://secunia.com/advisories/32845

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

http://www.debian.org/security/2008/dsa-1649

http://www.debian.org/security/2008/dsa-1669

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

http://www.redhat.com/support/errata/RHSA-2008-0882.html

http://www.redhat.com/support/errata/RHSA-2008-0908.html

http://www.ubuntu.com/usn/usn-645-1

http://www.ubuntu.com/usn/usn-645-2

http://www.vupen.com/english/advisories/2008/2661

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

http://secunia.com/advisories/32007

http://secunia.com/advisories/32025

http://www.mozilla.org/security/announce/2008/mfsa2008-38.html

http://www.securityfocus.com/bid/31346

http://www.securitytracker.com/id?1020919

http://www.ubuntu.com/usn/usn-647-1

https://bugzilla.mozilla.org/show_bug.cgi?id=439034

https://exchange.xforce.ibmcloud.com/vulnerabilities/45347

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643

https://nvd.nist.gov/vuln/detail/CVE-2008-3835

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3835

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3835

EUVD