Launchpad.net

CVE 2008-1234

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

Related bugs and status

CVE-2008-1234 (Candidate) is related to these bugs:

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1532
REDHAT: RHSA-2008:0208
SECUNIA: 29391
SECUNIA: 29560
DEBIAN: DSA-1534
MANDRIVA: MDVSA-2008:080
REDHAT: RHSA-2008:0207
SECTRACK: 1019694
SECUNIA: 29548
SECUNIA: 29550
SECUNIA: 29539
SECUNIA: 29558
DEBIAN: DSA-1535
UBUNTU: USN-592-1
CERT: TA08-087A
CERT-VN: VU#466521
BID: 28448
SECUNIA: 29616
SECUNIA: 29526
SECUNIA: 29541
SECUNIA: 29547
REDHAT: RHSA-2008:0209
SUSE: SUSE-SA:2008:019
SECUNIA: 29645
SECUNIA: 29607
DEBIAN: DSA-1574
SECUNIA: 30016
SECUNIA: 30094
SECUNIA: 30327
SECUNIA: 30370
SUNALERT: 239546
SECUNIA: 31043
MANDRIVA: MDVSA-2008:155
GENTOO: GLSA-200805-18
FEDORA: FEDORA-2008-3519
FEDORA: FEDORA-2008-3557
SECUNIA: 30192
SUNALERT: 238492
SECUNIA: 30620
UBUNTU: USN-605-1
SECUNIA: 30105
VUPEN: ADV-2008-0999
VUPEN: ADV-2008-0998
VUPEN: ADV-2008-2091
VUPEN: ADV-2008-1793
SLACKWARE: SSA:2008-128-02
XF: firefox-eventhandlers-...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080327 rPSA-2008-012...