CVE-2008-2800

Priority
Description
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote
attackers to bypass the Same Origin Policy and conduct cross-site scripting
(XSS) attacks via vectors involving (1) an event handler attached to an
outer window, (2) a SCRIPT element in an unloaded document, or (3) the
onreadystatechange handler in conjunction with an XMLHttpRequest.
Notes
 jdstrand> reduced to medium now that firefox is out
Assigned-to
asac
Package
Upstream:released (2.0.0.15)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (2.0.0.15)
Package
Upstream:released (2.0.0.15)
Package
Upstream:released (1.1.10)
Package
Upstream:released (1.8.1.18)
More Information

Updated: 2019-03-19 11:46:23 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)