Home > Vulnerability Database > CVE-2008-3835

Mend.io Vulnerability Database

CVE-2008-3835

Date: September 24, 2008

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

Severity Score

7.3

Related Resources (48)

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://secunia.com/advisories/32012

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32010

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45347

Url: http://secunia.com/advisories/32196

Url: http://secunia.com/advisories/31985

Url: http://secunia.com/advisories/31984

Url: http://www.securitytracker.com/id?1020919

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-38.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://secunia.com/advisories/32082

Url: http://www.redhat.com/support/errata/RHSA-2008-0882.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3835

Url: http://www.redhat.com/support/errata/RHSA-2008-0908.html

Url: http://www.vupen.com/english/advisories/2008/2661

Url: http://www.debian.org/security/2008/dsa-1649

Url: http://download.novell.com/Download?buildid=WZXONb-tqBw~

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-3835

Url: http://secunia.com/advisories/32144

Url: http://secunia.com/advisories/33434

Url: http://secunia.com/advisories/34501

Url: http://secunia.com/advisories/32044

Url: http://secunia.com/advisories/32185

Url: http://secunia.com/advisories/32042

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=439034

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Url: http://secunia.com/advisories/32845

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Url: http://secunia.com/advisories/32007

Url: https://access.redhat.com/security/cve/CVE-2008-3835

Url: http://secunia.com/advisories/32025

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643

Url: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Url: http://secunia.com/advisories/32092

Url: http://www.securityfocus.com/bid/31346

Url: http://www.ubuntu.com/usn/usn-645-1

Url: http://www.ubuntu.com/usn/usn-645-2

Url: http://www.ubuntu.com/usn/usn-647-1

Url: https://www.mend.io/vulnerability-database/CVE-2008-3835

Severity Score

7.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-3835

Date: September 24, 2008

Severity Score

Related Resources (48)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?