CyberSecurityBoard
Sponsor Register Login

CVE-2008-3198

Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.

Publication date: Thu, 17 Jul 2008 18:41:00 +0000


Cyber News related to CVE-2008-3198

CVE-2008-3198 - Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using ...
7 years ago
CVE-2013-3196 - The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory ...
6 years ago
CVE-2013-3197 - The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory ...
6 years ago
CVE-2013-3198 - The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory ...
6 years ago
CVE-2020-3198 - Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, ...
3 years ago
CVE-2009-3198 - Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. ...
15 years ago
CVE-2010-3198 - ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions. ...
14 years ago
CVE-2012-3198 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query. ...
11 years ago
CVE-2011-3198 - Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments. ...
11 years ago
CVE-2014-3198 - The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a ...
1 year ago
CVE-2005-3198 - Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands. ...
7 years ago
CVE-2015-3198 - The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. ...
7 years ago
CVE-2016-3198 - Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass." ...
6 years ago
CVE-2007-3198 - Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter. ...
6 years ago
CVE-2018-3198 - Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with ...
5 years ago
CVE-2017-3198 - GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being ...
5 years ago
CVE-2021-3198 - By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. ...
3 years ago
CVE-2006-3198 - Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended. ...
1 year ago
CVE-2022-3198 - Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) ...
2 years ago
CVE-2023-3198 - The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message ...
1 year ago
CVE-2024-3198 - The WP Font Awesome Share Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpfai_social' shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user ...
10 months ago Tenable.com
CVE-2022-49441 - In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may invoke a normal printk() to print failure message. This can cause a deadlock ...
1 month ago Tenable.com
CVE-2025-3198 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An ...
4 days ago
CVE-2008-1378 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2360, CVE-2008-2361, CVE-2008-2362. Reason: This candidate has been withdrawn by its CNA. It was SPLIT into separate candidates before publication. Notes: All CVE users should ...
55 years ago Tenable.com
CVE-2008-2617 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)