Your submission was sent successfully! Close

CVE-2008-2800

Published: 07 July 2008

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

iceape
Launchpad, Ubuntu, Debian
Upstream Needs triage

icedove
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
iceweasel
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.10)
xulrunner
Launchpad, Ubuntu, Debian
Upstream
Released (1.8.1.18)