CVE-2008-3836

First published: Wed Sep 24 2008(Updated: )

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Mozilla Firefox	<=2.0.0.16
Mozilla Firefox	=0.8
Mozilla Firefox	=0.9
Mozilla Firefox	=0.9-rc
Mozilla Firefox	=0.9.1
Mozilla Firefox	=0.9.2
Mozilla Firefox	=0.9.3
Mozilla Firefox	=0.9_rc
Mozilla Firefox	=0.10
Mozilla Firefox	=0.10.1
Mozilla Firefox	=1.0
Mozilla Firefox	=1.0.1
Mozilla Firefox	=1.0.2
Mozilla Firefox	=1.0.3
Mozilla Firefox	=1.0.4
Mozilla Firefox	=1.0.5
Mozilla Firefox	=1.0.6
Mozilla Firefox	=1.0.7
Mozilla Firefox	=1.0.8
Mozilla Firefox	=1.5
Mozilla Firefox	=1.5-beta1
Mozilla Firefox	=1.5-beta2
Mozilla Firefox	=1.5.0.1
Mozilla Firefox	=1.5.0.2
Mozilla Firefox	=1.5.0.3
Mozilla Firefox	=1.5.0.4
Mozilla Firefox	=1.5.0.5
Mozilla Firefox	=1.5.0.6
Mozilla Firefox	=1.5.0.7
Mozilla Firefox	=1.5.0.8
Mozilla Firefox	=1.5.0.9
Mozilla Firefox	=1.5.0.10
Mozilla Firefox	=1.5.0.11
Mozilla Firefox	=1.5.0.12
Mozilla Firefox	=1.5.1
Mozilla Firefox	=1.5.2
Mozilla Firefox	=1.5.3
Mozilla Firefox	=1.5.4
Mozilla Firefox	=1.5.5
Mozilla Firefox	=1.5.6
Mozilla Firefox	=1.5.7
Mozilla Firefox	=1.5.8
Mozilla Firefox	=1.8
Mozilla Firefox	=2.0
Mozilla Firefox	=2.0.0.1
Mozilla Firefox	=2.0.0.10
Mozilla Firefox	=2.0.0.11
Mozilla Firefox	=2.0.0.12
Mozilla Firefox	=2.0.0.13
Mozilla Firefox	=2.0.0.14
Mozilla Firefox	=2.0.0.15

Remedy

https://bugzilla.mozilla.org/show_bug.cgi?id=360529

Remedy

https://bugzilla.mozilla.org/show_bug.cgi?id=430658

Never miss a vulnerability like this again

Reference Links

agent/type
agent/remedy
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/references
agent/author
agent/severity
agent/weakness
agent/description
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/0.9_rc
version/mozilla firefox/0.8
version/mozilla firefox/2.0.0.12
version/mozilla firefox/1.5-beta2
version/mozilla firefox/1.5.2
version/mozilla firefox/1.5.0.6
version/mozilla firefox/1.8
version/mozilla firefox/1.5.0.10
version/mozilla firefox/1.5.0.3
version/mozilla firefox/1.5.0.11
version/mozilla firefox/2.0.0.16
version/mozilla firefox/1.5.4
version/mozilla firefox/1.0.2
version/mozilla firefox/1.5-beta1
version/mozilla firefox/1.5
version/mozilla firefox/0.9.1
version/mozilla firefox/1.0.4
version/mozilla firefox/1.0.7
version/mozilla firefox/0.10.1
version/mozilla firefox/0.9
version/mozilla firefox/1.5.6
version/mozilla firefox/2.0.0.15
version/mozilla firefox/1.0
version/mozilla firefox/1.5.0.7
version/mozilla firefox/2.0
version/mozilla firefox/1.0.1
version/mozilla firefox/2.0.0.14
version/mozilla firefox/1.5.0.8
version/mozilla firefox/1.5.0.9
version/mozilla firefox/1.5.0.5
version/mozilla firefox/1.5.7
version/mozilla firefox/1.5.0.12
version/mozilla firefox/2.0.0.11
version/mozilla firefox/1.5.0.2
version/mozilla firefox/1.0.3
version/mozilla firefox/1.5.1
version/mozilla firefox/0.9.3
version/mozilla firefox/2.0.0.13
version/mozilla firefox/2.0.0.1
version/mozilla firefox/1.5.5
version/mozilla firefox/0.9.2
version/mozilla firefox/0.9-rc
version/mozilla firefox/1.5.8
version/mozilla firefox/1.5.3
version/mozilla firefox/1.5.0.4
version/mozilla firefox/1.5.0.1
version/mozilla firefox/0.10
version/mozilla firefox/1.0.5
version/mozilla firefox/2.0.0.10
version/mozilla firefox/1.0.6
version/mozilla firefox/1.0.8

CVE-2008-3836

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact