CVE-2008-0415

N/A Unknown
Published: February 08, 2008 Modified: April 23, 2026
View on NVD

Description

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://browser.netscape.com/releasenotes/
Source: secalert@redhat.com
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
Source: secalert@redhat.com
http://secunia.com/advisories/28754
Source: secalert@redhat.com
http://secunia.com/advisories/28758
Source: secalert@redhat.com
http://secunia.com/advisories/28766
Source: secalert@redhat.com
http://secunia.com/advisories/28808
Source: secalert@redhat.com
http://secunia.com/advisories/28815
Source: secalert@redhat.com
http://secunia.com/advisories/28818
Source: secalert@redhat.com
http://secunia.com/advisories/28839
Source: secalert@redhat.com
http://secunia.com/advisories/28864
Source: secalert@redhat.com
http://secunia.com/advisories/28865
Source: secalert@redhat.com
http://secunia.com/advisories/28877
Source: secalert@redhat.com
http://secunia.com/advisories/28879
Source: secalert@redhat.com
http://secunia.com/advisories/28924
Source: secalert@redhat.com
http://secunia.com/advisories/28939
Source: secalert@redhat.com
http://secunia.com/advisories/28958
Source: secalert@redhat.com
http://secunia.com/advisories/29049
Source: secalert@redhat.com
http://secunia.com/advisories/29086
Source: secalert@redhat.com
http://secunia.com/advisories/29098
Source: secalert@redhat.com
http://secunia.com/advisories/29164
Source: secalert@redhat.com
http://secunia.com/advisories/29167
Source: secalert@redhat.com
http://secunia.com/advisories/29211
Source: secalert@redhat.com
http://secunia.com/advisories/29567
Source: secalert@redhat.com
http://secunia.com/advisories/30327
Source: secalert@redhat.com
http://secunia.com/advisories/30620
Source: secalert@redhat.com
http://secunia.com/advisories/31043
Source: secalert@redhat.com
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
Source: secalert@redhat.com
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
Source: secalert@redhat.com
http://wiki.rpath.com/Advisories:rPSA-2008-0051
Source: secalert@redhat.com
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Source: secalert@redhat.com
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1484
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1485
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1489
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1506
Source: secalert@redhat.com
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDVSA-2008:062
Source: secalert@redhat.com
http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2008-0103.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2008-0104.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2008-0105.html
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/487826/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/27683
Source: secalert@redhat.com
http://www.securitytracker.com/id?1019327
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-576-1
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-582-1
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-582-2
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/0453/references
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/0454/references
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/0627/references
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/1793/references
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/2091/references
Source: secalert@redhat.com
https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695%2C393761%2C393762%2C399298%2C407289%2C372075%2C363597
Source: secalert@redhat.com
https://issues.rpath.com/browse/RPL-1995
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9897
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html
Source: secalert@redhat.com
http://browser.netscape.com/releasenotes/
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28754
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28758
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28766
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28808
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28815
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28818
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28839
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28864
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28865
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28877
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28879
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28924
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28939
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28958
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29049
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29086
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29098
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29164
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29167
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29211
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29567
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30327
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30620
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31043
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2008-0051
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1484
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1485
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1489
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1506
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:062
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0103.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0104.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0105.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/487826/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/27683
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1019327
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-576-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-582-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-582-2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0453/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0454/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0627/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1793/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/2091/references
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695%2C393761%2C393762%2C399298%2C407289%2C372075%2C363597
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-1995
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9897
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html
Source: af854a3a-2127-422b-91ae-364da2661108

130 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
2.0%
84th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

mozilla

Related CVEs

CVE-2026-6222 5.3
CVE-2026-40003 5.1
CVE-2026-44597 3.7
CVE-2026-6278 N/A
CVE-2026-41484 5.3