Unrated severityNVD Advisory· Published Mar 27, 2008· Updated Apr 23, 2026

CVE-2008-1234

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=2.0.0.12
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <=1.1.8
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <=2.0.0.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/466521nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA08-087A.htmlnvdUS Government Resource
lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.htmlnvd
rhn.redhat.com/errata/RHSA-2008-0208.htmlnvd
secunia.com/advisories/29391nvd
secunia.com/advisories/29526nvd
secunia.com/advisories/29539nvd
secunia.com/advisories/29541nvd
secunia.com/advisories/29547nvd
secunia.com/advisories/29548nvd
secunia.com/advisories/29550nvd
secunia.com/advisories/29558nvd
secunia.com/advisories/29560nvd
secunia.com/advisories/29607nvd
secunia.com/advisories/29616nvd
secunia.com/advisories/29645nvd
secunia.com/advisories/30016nvd
secunia.com/advisories/30094nvd
secunia.com/advisories/30105nvd
secunia.com/advisories/30192nvd
secunia.com/advisories/30327nvd
secunia.com/advisories/30370nvd
secunia.com/advisories/30620nvd
secunia.com/advisories/31043nvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
wiki.rpath.com/wiki/Advisories:rPSA-2008-0128nvd
www.debian.org/security/2008/dsa-1532nvd
www.debian.org/security/2008/dsa-1534nvd
www.debian.org/security/2008/dsa-1535nvd
www.debian.org/security/2008/dsa-1574nvd
www.gentoo.org/security/en/glsa/glsa-200805-18.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.mandriva.com/security/advisoriesnvd
www.mozilla.org/security/announce/2008/mfsa2008-14.htmlnvd
www.redhat.com/support/errata/RHSA-2008-0207.htmlnvd
www.redhat.com/support/errata/RHSA-2008-0209.htmlnvd
www.securityfocus.com/archive/1/490196/100/0/threadednvd
www.securityfocus.com/bid/28448nvd
www.securitytracker.com/idnvd
www.slackware.com/security/viewer.phpnvd
www.ubuntu.com/usn/usn-592-1nvd
www.ubuntu.com/usn/usn-605-1nvd
www.vupen.com/english/advisories/2008/0998/referencesnvd
www.vupen.com/english/advisories/2008/0999/referencesnvd
www.vupen.com/english/advisories/2008/1793/referencesnvd
www.vupen.com/english/advisories/2008/2091/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/41455nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9551nvd
www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000