CVE-2008-1234

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka Universal XSS using event handlers.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

7.194

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 2.0.0.12	Windows
Multiple vulnerabilities affected in Mozilla Thunderbird 2.0.0.12	Windows
Multiple vulnerabilities affected in Mozilla_Firefox 2.0.0.12	Windows
Multiple vulnerabilities affected in SeaMonkey 1.1.8	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.0.0.12	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 2.0.0.12	Windows
Multiple Vulnerabilities are affected in Mozilla Thunderbird 2.0.0.12	Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 2.0.0.13	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-343016	Mozilla Firefox (x64) (132.0.2)
PATCH-315938	Mozilla Thunderbird (68.12.0)
PATCH-343015	Mozilla Firefox (132.0.2)
PATCH-341197	SeaMonkey (2.53.19)
PATCH-613630	Mozilla Firefox For Mac (147.0.4)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234