Home > Vulnerability Database > CVE-2008-3836

Mend.io Vulnerability Database

CVE-2008-3836

Date: September 24, 2008

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

Severity Score

7.3

Related Resources (30)

Url: http://secunia.com/advisories/32012

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32196

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-39.html

Url: http://secunia.com/advisories/31984

Url: http://www.securitytracker.com/id?1020914

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3836

Url: http://www.vupen.com/english/advisories/2009/0977

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45350

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=430658

Url: http://www.vupen.com/english/advisories/2008/2661

Url: http://www.debian.org/security/2008/dsa-1649

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=360529

Url: http://download.novell.com/Download?buildid=WZXONb-tqBw~

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32144

Url: http://secunia.com/advisories/34501

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-3836

Url: http://secunia.com/advisories/32185

Url: http://secunia.com/advisories/32042

Url: http://secunia.com/advisories/32845

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Url: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://www.securityfocus.com/bid/31346

Url: http://www.ubuntu.com/usn/usn-645-1

Url: http://www.ubuntu.com/usn/usn-645-2

Url: https://www.mend.io/vulnerability-database/CVE-2008-3836

Severity Score

7.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-3836

Date: September 24, 2008

Severity Score

Related Resources (30)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?