CVE-2008-3835
First published: Wed Sep 24 2008(Updated: )
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.1.10 | |
| Mozilla SeaMonkey | ||
| Thunderbird | =1.5.0.7 | |
| Firefox | =0.9_rc | |
| Thunderbird | =0.6 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Firefox | =0.8 | |
| Firefox | =2.0.0.12 | |
| Thunderbird | =0.7.2 | |
| Firefox | =1.5-beta2 | |
| Thunderbird | =2.0.0.4 | |
| Firefox | =1.5.2 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Thunderbird | =2.0.0.6 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Firefox | =1.5.0.6 | |
| Firefox | =1.8 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Thunderbird | =0.3 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.3 | |
| Thunderbird | =0.2 | |
| Mozilla SeaMonkey | =1.0 | |
| Thunderbird | =2.0_.5 | |
| Thunderbird | =1.0.7 | |
| Firefox | =1.5.0.11 | |
| Firefox | <=2.0.0.16 | |
| Mozilla SeaMonkey | =1.0.99 | |
| Thunderbird | =2.0.0.9 | |
| Firefox | =1.5.4 | |
| Thunderbird | <=2.0.0.16 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Firefox | =1.0.2 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Thunderbird | =2.0_.12 | |
| Thunderbird | =2.0.0.15 | |
| Firefox | =1.5-beta1 | |
| Thunderbird | =2.0.0.8 | |
| Thunderbird | =1.7.1 | |
| Thunderbird | =2.0_8 | |
| Firefox | =1.5 | |
| Thunderbird | =1.5.0.3 | |
| Firefox | =0.9.1 | |
| Thunderbird | =1.5.0.10 | |
| Firefox | =1.0.4 | |
| Firefox | =1.0.7 | |
| Thunderbird | =1.5.0.6 | |
| Mozilla SeaMonkey | =1.1 | |
| Firefox | =0.10.1 | |
| Thunderbird | =1.0 | |
| Thunderbird | =2.0.0.3 | |
| Firefox | =0.9 | |
| Thunderbird | =1.0.1 | |
| Thunderbird | =1.5-beta2 | |
| Firefox | =1.5.6 | |
| Thunderbird | =2.0.0.2 | |
| Thunderbird | ||
| Firefox | =2.0.0.15 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =2.0.0.0 | |
| Firefox | =1.0 | |
| Mozilla SeaMonkey | =1.1.1 | |
| Firefox | =1.5.0.7 | |
| Thunderbird | =2.0.0.12 | |
| Firefox | =2.0 | |
| Thunderbird | =1.5 | |
| Firefox | =1.0.1 | |
| Thunderbird | =1.5.0.2 | |
| Firefox | =2.0.0.14 | |
| Thunderbird | =2.0.0.13 | |
| Mozilla SeaMonkey | <=1.1.11 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Thunderbird | =2.0_.9 | |
| Thunderbird | =1.5.0.8 | |
| Thunderbird | =2.0.0.14 | |
| Firefox | =1.5.0.8 | |
| Thunderbird | =0.5 | |
| Thunderbird | =1.0.4 | |
| Thunderbird | =1.5.2 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.7 | |
| Firefox | =1.5.0.12 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.11 | |
| Thunderbird | =0.9 | |
| Thunderbird | =1.0.3 | |
| Thunderbird | =2.0.0.11 | |
| Thunderbird | =2.0_.13 | |
| Firefox | =2.0.0.11 | |
| Firefox | =1.5.0.2 | |
| Firefox | =1.0.3 | |
| Firefox | =1.5.1 | |
| Thunderbird | =2.0_.14 | |
| Thunderbird | =0.7.3 | |
| Firefox | =0.9.3 | |
| Firefox | =2.0.0.13 | |
| Thunderbird | =0.4 | |
| Mozilla SeaMonkey | =1.0 | |
| Thunderbird | =1.5.1 | |
| Thunderbird | =0.7 | |
| Firefox | =2.0.0.1 | |
| Thunderbird | =1.0.6 | |
| Thunderbird | =1.0.5-beta | |
| Thunderbird | =2.0.0.5 | |
| Thunderbird | =1.7.3 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Firefox | =1.5.5 | |
| Firefox | =0.9.2 | |
| Thunderbird | =2.0.0.1 | |
| Thunderbird | =1.5.0.1 | |
| Thunderbird | =2.0_.4 | |
| Thunderbird | =1.0.8 | |
| Thunderbird | =0.1 | |
| Firefox | =0.9-rc | |
| Firefox | =1.5.8 | |
| Firefox | =1.5.3 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =0.8 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Firefox | =0.10 | |
| Thunderbird | =2.0_.6 | |
| Firefox | =1.0.5 | |
| Firefox | =2.0.0.10 | |
| Firefox | =1.0.6 | |
| Thunderbird | =1.5.0.4 | |
| Firefox | =1.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://download.novell.com/Download?buildid=WZXONb-tqBw~
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
- http://secunia.com/advisories/31984
- http://secunia.com/advisories/31985
- http://secunia.com/advisories/32007
- http://secunia.com/advisories/32010
- http://secunia.com/advisories/32012
- http://secunia.com/advisories/32025
- http://secunia.com/advisories/32042
- http://secunia.com/advisories/32044
- http://secunia.com/advisories/32082
- http://secunia.com/advisories/32092
- http://secunia.com/advisories/32144
- http://secunia.com/advisories/32185
- http://secunia.com/advisories/32196
- http://secunia.com/advisories/32845
- http://secunia.com/advisories/33433
- http://secunia.com/advisories/33434
- http://secunia.com/advisories/34501
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.debian.org/security/2008/dsa-1649
- http://www.debian.org/security/2008/dsa-1669
- http://www.debian.org/security/2009/dsa-1696
- http://www.debian.org/security/2009/dsa-1697
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
- http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
- http://www.redhat.com/support/errata/RHSA-2008-0882.html
- http://www.redhat.com/support/errata/RHSA-2008-0908.html
- http://www.securityfocus.com/bid/31346
- http://www.securitytracker.com/id?1020919
- http://www.ubuntu.com/usn/usn-645-1
- http://www.ubuntu.com/usn/usn-645-2
- http://www.ubuntu.com/usn/usn-647-1
- http://www.vupen.com/english/advisories/2008/2661
- http://www.vupen.com/english/advisories/2009/0977
- https://bugzilla.mozilla.org/show_bug.cgi?id=439034
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45347
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
Frequently Asked Questions
What is the severity of CVE-2008-3835?
CVE-2008-3835 has a severity rating that indicates it allows remote code execution due to Same Origin Policy bypass.
How do I fix CVE-2008-3835?
To fix CVE-2008-3835, upgrade to a version of Firefox, Thunderbird, or SeaMonkey that is 2.0.0.17 or newer.
Which software is affected by CVE-2008-3835?
CVE-2008-3835 affects Mozilla Firefox versions prior to 2.0.0.17, Thunderbird versions before 2.0.0.17, and SeaMonkey versions prior to 1.1.12.
What does CVE-2008-3835 exploit?
CVE-2008-3835 exploits the nsXMLDocument::OnChannelRedirect function to execute arbitrary JavaScript code remotely.
Can CVE-2008-3835 lead to data breaches?
Yes, CVE-2008-3835 can lead to data breaches as it allows execution of arbitrary JavaScript which could access sensitive information.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.1.10
- canonical/thunderbird
- version/thunderbird/1.5.0.7
- canonical/firefox
- version/firefox/0.9_rc
- version/thunderbird/0.6
- version/mozilla seamonkey/1.0.3
- version/firefox/0.8
- version/firefox/2.0.0.12
- version/thunderbird/0.7.2
- version/firefox/1.5-beta2
- version/thunderbird/2.0.0.4
- version/firefox/1.5.2
- version/mozilla seamonkey/1.0.1
- version/thunderbird/2.0.0.6
- version/mozilla seamonkey/1.0.6
- version/firefox/1.5.0.6
- version/firefox/1.8
- version/mozilla seamonkey/1.0.9
- version/thunderbird/0.3
- version/firefox/1.5.0.10
- version/firefox/1.5.0.3
- version/thunderbird/0.2
- version/mozilla seamonkey/1.0
- version/thunderbird/2.0_.5
- version/thunderbird/1.0.7
- version/firefox/1.5.0.11
- version/firefox/2.0.0.16
- version/mozilla seamonkey/1.0.99
- version/thunderbird/2.0.0.9
- version/firefox/1.5.4
- version/thunderbird/2.0.0.16
- version/mozilla seamonkey/1.0.7
- version/firefox/1.0.2
- version/mozilla seamonkey/1.0-beta
- version/thunderbird/2.0_.12
- version/thunderbird/2.0.0.15
- version/firefox/1.5-beta1
- version/thunderbird/2.0.0.8
- version/thunderbird/1.7.1
- version/thunderbird/2.0_8
- version/firefox/1.5
- version/thunderbird/1.5.0.3
- version/firefox/0.9.1
- version/thunderbird/1.5.0.10
- version/firefox/1.0.4
- version/firefox/1.0.7
- version/thunderbird/1.5.0.6
- version/mozilla seamonkey/1.1
- version/firefox/0.10.1
- version/thunderbird/1.0
- version/thunderbird/2.0.0.3
- version/firefox/0.9
- version/thunderbird/1.0.1
- version/thunderbird/1.5-beta2
- version/firefox/1.5.6
- version/thunderbird/2.0.0.2
- version/firefox/2.0.0.15
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/thunderbird/1.0.2
- version/thunderbird/2.0.0.0
- version/firefox/1.0
- version/mozilla seamonkey/1.1.1
- version/firefox/1.5.0.7
- version/thunderbird/2.0.0.12
- version/firefox/2.0
- version/thunderbird/1.5
- version/firefox/1.0.1
- version/thunderbird/1.5.0.2
- version/firefox/2.0.0.14
- version/thunderbird/2.0.0.13
- version/mozilla seamonkey/1.1.11
- version/mozilla seamonkey/1.0.5
- version/thunderbird/2.0_.9
- version/thunderbird/1.5.0.8
- version/thunderbird/2.0.0.14
- version/firefox/1.5.0.8
- version/thunderbird/0.5
- version/thunderbird/1.0.4
- version/thunderbird/1.5.2
- version/firefox/1.5.0.9
- version/firefox/1.5.0.5
- version/firefox/1.5.7
- version/firefox/1.5.0.12
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.11
- version/thunderbird/0.9
- version/thunderbird/1.0.3
- version/thunderbird/2.0.0.11
- version/thunderbird/2.0_.13
- version/firefox/2.0.0.11
- version/firefox/1.5.0.2
- version/firefox/1.0.3
- version/firefox/1.5.1
- version/thunderbird/2.0_.14
- version/thunderbird/0.7.3
- version/firefox/0.9.3
- version/firefox/2.0.0.13
- version/thunderbird/0.4
- version/thunderbird/1.5.1
- version/thunderbird/0.7
- version/firefox/2.0.0.1
- version/thunderbird/1.0.6
- version/thunderbird/1.0.5-beta
- version/thunderbird/2.0.0.5
- version/thunderbird/1.7.3
- version/mozilla seamonkey/1.0.4
- version/firefox/1.5.5
- version/firefox/0.9.2
- version/thunderbird/2.0.0.1
- version/thunderbird/1.5.0.1
- version/thunderbird/2.0_.4
- version/thunderbird/1.0.8
- version/thunderbird/0.1
- version/firefox/0.9-rc
- version/firefox/1.5.8
- version/firefox/1.5.3
- version/thunderbird/0.7.1
- version/thunderbird/1.0.5
- version/thunderbird/0.8
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/firefox/0.10
- version/thunderbird/2.0_.6
- version/firefox/1.0.5
- version/firefox/2.0.0.10
- version/firefox/1.0.6
- version/thunderbird/1.5.0.4
- version/firefox/1.0.8