1. Home
  2. Vulnerabilities
  3. CVE-2008-1234

CVE-2008-1234

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.66 % (80th)
0.66% Progress
Affected Products 3
Advisories 11
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-03-27 10:44:00
(16 years ago)
Updated Date
2018-10-11 20:30:30
(6 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 2.0.0.12 and prior versions cpe:2.3:a:mozilla:firefox <= 2.0.0.12
  Mozilla Seamonkey 1.1.8 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.1.8
  Mozilla Thunderbird 2.0.0.12 and prior versions cpe:2.3:a:mozilla:thunderbird <= 2.0.0.12