Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2008-3837

Disclosure Date: September 24, 2008
CVE-2008-3837
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • mozilla

Products

  • debian linux 4.0,
  • firefox,
  • seamonkey,
  • ubuntu linux 6.06,
  • ubuntu linux 7.04,
  • ubuntu linux 7.10,
  • ubuntu linux 8.04

References

Canonical
CVE-2008-3837 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837)
BID-31346 (http://www.securityfocus.com/bid/31346)
Advisory
SECUNIA-32011 (http://secunia.com/advisories/32011)
DSA-1697 (http://www.debian.org/security/2009/dsa-1697)
SECUNIA-32096 (http://secunia.com/advisories/32096)
FEDORA-2008-8401 (https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html)
USN-645-1 (http://www.ubuntu.com/usn/usn-645-1)
XF-firefox-draganddrop-weak-security(45348) (https://exchange.xforce.ibmcloud.com/vulnerabilities/45348)
SECUNIA-32144 (http://secunia.com/advisories/32144)
SECUNIA-32010 (http://secunia.com/advisories/32010)
ADV-2009-0977 (http://www.vupen.com/english/advisories/2009/0977)
USN-645-2 (http://www.ubuntu.com/usn/usn-645-2)
SECUNIA-31985 (http://secunia.com/advisories/31985)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
SECUNIA-31984 (http://secunia.com/advisories/31984)
SECUNIA-32185 (http://secunia.com/advisories/32185)
SECUNIA-32196 (http://secunia.com/advisories/32196)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9950
FEDORA-2008-8425 (https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html)
DSA-1669 (http://www.debian.org/security/2008/dsa-1669)
http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
SECUNIA-32042 (http://secunia.com/advisories/32042)
SECUNIA-33433 (http://secunia.com/advisories/33433)
ADV-2008-2661 (http://www.vupen.com/english/advisories/2008/2661)
SECUNIA-32095 (http://secunia.com/advisories/32095)
SECUNIA-32089 (http://secunia.com/advisories/32089)
SUNALERT-256408 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1)
SECTRACK-1020922 (http://www.securitytracker.com/id?1020922)
http://www.redhat.com/support/errata/RHSA-2008-0879.html
https://bugzilla.mozilla.org/show_bug.cgi?id=329385
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
http://download.novell.com/Download?buildid=WZXONb-tqBw~
FEDORA-2008-8429 (https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html)
SECUNIA-31987 (http://secunia.com/advisories/31987)
http://www.redhat.com/support/errata/RHSA-2008-0882.html
SECUNIA-32845 (http://secunia.com/advisories/32845)
DSA-1649 (http://www.debian.org/security/2008/dsa-1649)
SECUNIA-32012 (http://secunia.com/advisories/32012)
SECUNIA-32044 (http://secunia.com/advisories/32044)
SECUNIA-34501 (http://secunia.com/advisories/34501)
Miscellaneous
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis