CVE - CVE-2008-3837

CVE-ID
CVE-2008-3837	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://www.mozilla.org/security/announce/2008/mfsa2008-40.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=329385 CONFIRM:http://download.novell.com/Download?buildid=WZXONb-tqBw~ DEBIAN:DSA-1669 URL:http://www.debian.org/security/2008/dsa-1669 DEBIAN:DSA-1697 URL:http://www.debian.org/security/2009/dsa-1697 DEBIAN:DSA-1649 URL:http://www.debian.org/security/2008/dsa-1649 FEDORA:FEDORA-2008-8401 URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html FEDORA:FEDORA-2008-8429 URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html FEDORA:FEDORA-2008-8425 URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html MANDRIVA:MDVSA-2008:205 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:205 REDHAT:RHSA-2008:0879 URL:http://www.redhat.com/support/errata/RHSA-2008-0879.html REDHAT:RHSA-2008:0882 URL:http://www.redhat.com/support/errata/RHSA-2008-0882.html SLACKWARE:SSA:2008-269-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232 SLACKWARE:SSA:2008-269-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422 SUNALERT:256408 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 SUSE:SUSE-SA:2008:050 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html UBUNTU:USN-645-1 URL:http://www.ubuntu.com/usn/usn-645-1 UBUNTU:USN-645-2 URL:http://www.ubuntu.com/usn/usn-645-2 BID:31346 URL:http://www.securityfocus.com/bid/31346 OVAL:oval:org.mitre.oval:def:9950 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9950 SECUNIA:34501 URL:http://secunia.com/advisories/34501 SECUNIA:32185 URL:http://secunia.com/advisories/32185 SECUNIA:32196 URL:http://secunia.com/advisories/32196 VUPEN:ADV-2008-2661 URL:http://www.vupen.com/english/advisories/2008/2661 SECTRACK:1020922 URL:http://www.securitytracker.com/id?1020922 SECUNIA:32042 URL:http://secunia.com/advisories/32042 SECUNIA:32144 URL:http://secunia.com/advisories/32144 SECUNIA:32044 URL:http://secunia.com/advisories/32044 SECUNIA:32089 URL:http://secunia.com/advisories/32089 SECUNIA:32095 URL:http://secunia.com/advisories/32095 SECUNIA:32096 URL:http://secunia.com/advisories/32096 SECUNIA:32845 URL:http://secunia.com/advisories/32845 SECUNIA:31984 URL:http://secunia.com/advisories/31984 SECUNIA:31985 URL:http://secunia.com/advisories/31985 SECUNIA:31987 URL:http://secunia.com/advisories/31987 SECUNIA:32010 URL:http://secunia.com/advisories/32010 SECUNIA:32011 URL:http://secunia.com/advisories/32011 SECUNIA:32012 URL:http://secunia.com/advisories/32012 SECUNIA:33433 URL:http://secunia.com/advisories/33433 VUPEN:ADV-2009-0977 URL:http://www.vupen.com/english/advisories/2009/0977 XF:firefox-draganddrop-weak-security(45348) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45348
Assigning CNA
N/A
Date Entry Created
20080827	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080827)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.