CVE-2008-3836 Information

Description

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand (2) elem.dispatchEvent (3) _setTitleText (4) _setTitleImage and (5) _initSubscriptionUI functions.

Reference

http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/32012 http://secunia.com/advisories/32042 http://secunia.com/advisories/32144 http://secunia.com/advisories/32185 http://secunia.com/advisories/32196 http://secunia.com/advisories/32845 http://secunia.com/advisories/33433 http://secunia.com/advisories/34501 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.debian.org/security/2008/dsa-1649 http://www.debian.org/security/2008/dsa-1669 http://www.debian.org/security/2009/dsa-1697 http://www.mandriva.com/security/advisories?name=MDVSA-2008:205 http://www.mozilla.org/security/announce/2008/mfsa2008-39.html http://www.securityfocus.com/bid/31346 http://www.securitytracker.com/id?1020914 http://www.ubuntu.com/usn/usn-645-1 http://www.ubuntu.com/usn/usn-645-2 http://www.vupen.com/english/advisories/2008/2661 http://www.vupen.com/english/advisories/2009/0977 https://bugzilla.mozilla.org/show_bug.cgi?id=360529 https://bugzilla.mozilla.org/show_bug.cgi?id=430658 https://exchange.xforce.ibmcloud.com/vulnerabilities/45350