CVE-2008-3835

Published: 24 September 2008

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

Priority

Status

Package	Release	Status
thunderbird Launchpad, Ubuntu, Debian	feisty	Does not exist
	dapper	Does not exist
	gutsy	Released (2.0.0.17+nobinonly-0ubuntu0.7.10.1)
	hardy	Released (2.0.0.17+nobinonly-0ubuntu0.8.04.1)
	intrepid	Released (2.0.0.17+nobinonly-0ubuntu1)
	jaunty	Released (2.0.0.17+nobinonly-0ubuntu1)
	karmic	Released (2.0.0.17+nobinonly-0ubuntu1)
	lucid	Released (2.0.0.17+nobinonly-0ubuntu1)
	maverick	Released (2.0.0.17+nobinonly-0ubuntu1)
	natty	Released (2.0.0.17+nobinonly-0ubuntu1)
	upstream	Released (2.0.0.17)
firefox Launchpad, Ubuntu, Debian	dapper	Released (1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3)
	feisty	Released (2.0.0.17+0nobinonly-0ubuntu0.7.4)
	gutsy	Released (2.0.0.17+1nobinonly-0ubuntu0.7.10)
	hardy	Released (2.0.0.17+1nobinonly-0ubuntu0.8.04.1)
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Released (3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
	maverick	Released (3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
	natty	Released (3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
	upstream	Released (2.0.0.17)
firefox-3.0 Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Ignored (end of life, was needed)
	hardy	Released (3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
	intrepid	Released (3.0.3+build1+nobinonly-0ubuntu1)
	jaunty	Released (3.0.3+build1+nobinonly-0ubuntu1)
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	upstream	Released (3.0.3)
iceape Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Ignored (end of life, was needed)
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	upstream	Needs triage
mozilla-thunderbird Launchpad, Ubuntu, Debian	dapper	Released (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1)
	feisty	Released (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1)
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	upstream	Needs triage
seamonkey Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Does not exist
	hardy	Released (1.1.12+nobinonly-0ubuntu0.8.04.1)
	intrepid	Released (1.1.12+nobinonly-0ubuntu1)
	jaunty	Released (1.1.12+nobinonly-0ubuntu1)
	karmic	Released (1.1.12+nobinonly-0ubuntu1)
	lucid	Released (1.1.12+nobinonly-0ubuntu1)
	maverick	Released (1.1.12+nobinonly-0ubuntu1)
	natty	Released (1.1.12+nobinonly-0ubuntu1)
	upstream	Released (1.1.12)
xulrunner Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Ignored (end of life, was needed)
	gutsy	Released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
	hardy	Released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
	intrepid	Released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1)
	jaunty	Ignored (end of life)
	karmic	Ignored (end of life)
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	upstream	Needs triage
xulrunner-1.9 Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Ignored (end of life, was needed)
	hardy	Released (1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1)
	intrepid	Released (1.9.0.3+build1+nobinonly-0ubuntu2)
	jaunty	Released (1.9.0.3+build1+nobinonly-0ubuntu2)
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	upstream	Released (1.9.0.3)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›