246004 – (CVE-2008-4723) www-client/mozilla-firefox-3.0.{1-3} Multiple XSS vulnerabilities (CVE-2008-{4723,4724})

Bug 246004 (CVE-2008-4723) - www-client/mozilla-firefox-3.0.{1-3} Multiple XSS vulnerabilities (CVE-2008-{4723,4724})

Summary: www-client/mozilla-firefox-3.0.{1-3} Multiple XSS vulnerabilities (CVE-2008-{...

Status:	RESOLVED FIXED

Alias:	CVE-2008-4723

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:	~2
Keywords:

Depends on:
Blocks:

Reported:	2008-11-07 21:16 UTC by Stefan Behte (RETIRED)
Modified:	2008-11-30 16:17 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-07 21:16:19 UTC

CVE-2008-4723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4723):
  Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
  Firefox 3.0.1 through 3.0.3 allow remote attackers to inject
  arbitrary web script or HTML via an ftp:// URL for an HTML document
  within a (1) JPG, (2) PDF, or (3) TXT file.  NOTE: the provenance of
  this information is unknown; the details are obtained solely from
  third party information.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2008-11-30 16:17:18 UTC

Fixed in 3.0.4, closing noglsa.