Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 246004 (CVE-2008-4723)

Summary: www-client/mozilla-firefox-3.0.{1-3} Multiple XSS vulnerabilities (CVE-2008-{4723,4724})
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: glua
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4723
Whiteboard: ~2
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-07 21:16:19 UTC 
CVE-2008-4723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4723):
  Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
  Firefox 3.0.1 through 3.0.3 allow remote attackers to inject
  arbitrary web script or HTML via an ftp:// URL for an HTML document
  within a (1) JPG, (2) PDF, or (3) TXT file.  NOTE: the provenance of
  this information is unknown; the details are obtained solely from
  third party information.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 16:17:18 UTC 
Fixed in 3.0.4, closing noglsa.