CVE-2008-3836

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 2.0.0.17 libxul0d-dbg (affected versions not specified) libxul-dev (affected versions not specified) libsmjs1 (affected versions not specified) libmozjs0d-dbg (affected versions not specified) libmozjs0d (affected versions not specified) libxul0d (affected versions not specified) libnss3-0d-dbg (affected versions not specified) libsmjs-dev (affected versions not specified) libnss3-0d (affected versions not specified) libxul-common (affected versions not specified)

Description The issue allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and certain functions, including elem.doCommand, elem.dispatchEvent, setTitleText, setTitleImage, and initSubscriptionUI. Multiple vulnerabilities in various Debian GNU/Linux packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Mozilla Firefox versions prior to 2.0.0.17, update to version 2.0.0.17 or later. For libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libsmjs-dev, libnss3-0d, and libxul-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.