CVE-2008-3836

Published: Sep 24, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

Affected (51)

Products: Mozilla: Firefox

1 product

Configuration A

51 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 2.0.0.16
Mozilla Firefox	Version 0.10.1
Mozilla Firefox	Version 0.10
Mozilla Firefox	Version 0.8
Mozilla Firefox	Version 0.9.1
Mozilla Firefox	Version 0.9.2
Mozilla Firefox	Version 0.9.3
Mozilla Firefox	Version 0.9
Mozilla Firefox	Version 0.9 rc
Mozilla Firefox	Version 0.9_rc
Mozilla Firefox	Version 1.0.1
Mozilla Firefox	Version 1.0.2
Mozilla Firefox	Version 1.0.3
Mozilla Firefox	Version 1.0.4
Mozilla Firefox	Version 1.0.5
Mozilla Firefox	Version 1.0.6
Mozilla Firefox	Version 1.0.7
Mozilla Firefox	Version 1.0.8
Mozilla Firefox	Version 1.0
Mozilla Firefox	Version 1.5.0.10
Mozilla Firefox	Version 1.5.0.11
Mozilla Firefox	Version 1.5.0.12
Mozilla Firefox	Version 1.5.0.1
Mozilla Firefox	Version 1.5.0.2
Mozilla Firefox	Version 1.5.0.3
Mozilla Firefox	Version 1.5.0.4
Mozilla Firefox	Version 1.5.0.5
Mozilla Firefox	Version 1.5.0.6
Mozilla Firefox	Version 1.5.0.7
Mozilla Firefox	Version 1.5.0.8
Mozilla Firefox	Version 1.5.0.9
Mozilla Firefox	Version 1.5.1
Mozilla Firefox	Version 1.5.2
Mozilla Firefox	Version 1.5.3
Mozilla Firefox	Version 1.5.4
Mozilla Firefox	Version 1.5.5
Mozilla Firefox	Version 1.5.6
Mozilla Firefox	Version 1.5.7
Mozilla Firefox	Version 1.5.8
Mozilla Firefox	Version 1.5
Mozilla Firefox	Version 1.5 beta1
Mozilla Firefox	Version 1.5 beta2
Mozilla Firefox	Version 1.8
Mozilla Firefox	Version 2.0.0.10
Mozilla Firefox	Version 2.0.0.11
Mozilla Firefox	Version 2.0.0.12
Mozilla Firefox	Version 2.0.0.13
Mozilla Firefox	Version 2.0.0.14
Mozilla Firefox	Version 2.0.0.15
Mozilla Firefox	Version 2.0.0.1
Mozilla Firefox	Version 2.0

Related CWEs

References (54)

http://download.novell.com/Download?buildid=WZXONb-tqBw~

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Source: secalert@redhat.com

http://secunia.com/advisories/31984

Source: secalert@redhat.com

http://secunia.com/advisories/32012

Source: secalert@redhat.com

http://secunia.com/advisories/32042

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32144

Source: secalert@redhat.com

http://secunia.com/advisories/32185

Source: secalert@redhat.com

http://secunia.com/advisories/32196

Source: secalert@redhat.com

http://secunia.com/advisories/32845

Source: secalert@redhat.com

http://secunia.com/advisories/33433

Source: secalert@redhat.com

http://secunia.com/advisories/34501

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Source: secalert@redhat.com

http://www.debian.org/security/2008/dsa-1649

Source: secalert@redhat.com

http://www.debian.org/security/2008/dsa-1669

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1697

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2008/mfsa2008-39.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/31346

Source: secalert@redhat.com

http://www.securitytracker.com/id?1020914

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-645-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-645-2

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/2661

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0977

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=360529

Source: secalert@redhat.com

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=430658

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/45350

Source: secalert@redhat.com

http://download.novell.com/Download?buildid=WZXONb-tqBw~

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31984

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32012

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32042

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/32144

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32185

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32196

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32845

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33433

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34501

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1649

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1669

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1697

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2008/mfsa2008-39.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31346

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020914

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-645-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-645-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2661

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0977

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=360529

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=430658

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/45350

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.