Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3198

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3198
Last Modified 10 Sep 2008 09:12:04
Published 17 Jul 2008 09:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3198

Summary

Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=441169

XF - firefox-chrome-xss(44199)

BID - 30244

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-35.html


Last Updated: 27 May 2016 10:48:06