Lucene search

RedhatCVE-2008-1235

HistoryMar 27, 2008 - 10:44 a.m.

CVE-2008-1235

2008-03-2710:44:00

redhat

web.nvd.nist.gov

cve-2008-1235

mozilla firefox

thunderbird

seamonkey

vulnerability

remote code execution

privilege escalation

javascript

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.8

Confidence

High

EPSS

0.461

Percentile

97.5%

JSON

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka “Privilege escalation via incorrect principals.”

Affected configurations

Nvd

Node

mozillafirefoxRange≤2.0.0.12

mozillafirefoxMatch0.1

mozillafirefoxMatch0.2

mozillafirefoxMatch0.4

mozillafirefoxMatch0.5

mozillafirefoxMatch0.6

mozillafirefoxMatch0.6.1

mozillafirefoxMatch0.7

mozillafirefoxMatch0.7.1

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillaseamonkeyRange≤1.1.8

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillathunderbirdRange≤2.0.0.12

mozillathunderbirdMatch0.1

mozillathunderbirdMatch0.2

mozillathunderbirdMatch0.3

mozillathunderbirdMatch0.4

mozillathunderbirdMatch0.5

mozillathunderbirdMatch0.6

mozillathunderbirdMatch0.7

mozillathunderbirdMatch0.8

mozillathunderbirdMatch0.9

mozillathunderbirdMatch1.0

mozillathunderbirdMatch1.0.2

mozillathunderbirdMatch1.0.4

mozillathunderbirdMatch1.0.5

mozillathunderbirdMatch1.0.6

mozillathunderbirdMatch1.0.7

mozillathunderbirdMatch1.0.8

mozillathunderbirdMatch1.5

mozillathunderbirdMatch1.5.0.2

mozillathunderbirdMatch1.5.0.4

mozillathunderbirdMatch1.5.0.5

mozillathunderbirdMatch1.5.0.7

mozillathunderbirdMatch1.5.0.8

mozillathunderbirdMatch1.5.0.9

mozillathunderbirdMatch1.5.0.10

mozillathunderbirdMatch1.5.0.12

mozillathunderbirdMatch1.5.0.13

mozillathunderbirdMatch1.5.0.14

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.9

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox0.1cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
mozillafirefox0.2cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
mozillafirefox0.4cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
mozillafirefox0.5cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
mozillafirefox0.6cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
mozillafirefox0.6.1cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
mozillafirefox0.7cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
mozillafirefox0.7.1cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
mozillafirefox0.8cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	0.1	cpe:2.3:a:mozilla:firefox:0.1:::::::*
mozilla	firefox	0.2	cpe:2.3:a:mozilla:firefox:0.2:::::::*
mozilla	firefox	0.4	cpe:2.3:a:mozilla:firefox:0.4:::::::*
mozilla	firefox	0.5	cpe:2.3:a:mozilla:firefox:0.5:::::::*
mozilla	firefox	0.6	cpe:2.3:a:mozilla:firefox:0.6:::::::*
mozilla	firefox	0.6.1	cpe:2.3:a:mozilla:firefox:0.6.1:::::::*
mozilla	firefox	0.7	cpe:2.3:a:mozilla:firefox:0.7:::::::*
mozilla	firefox	0.7.1	cpe:2.3:a:mozilla:firefox:0.7.1:::::::*
mozilla	firefox	0.8	cpe:2.3:a:mozilla:firefox:0.8:::::::*

Rows per page:

1-10 of 1051

References

lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

rhn.redhat.com/errata/RHSA-2008-0208.html

secunia.com/advisories/29391

secunia.com/advisories/29526

secunia.com/advisories/29539

secunia.com/advisories/29541

secunia.com/advisories/29547

secunia.com/advisories/29548

secunia.com/advisories/29550

secunia.com/advisories/29558

secunia.com/advisories/29560

secunia.com/advisories/29607

secunia.com/advisories/29616

secunia.com/advisories/29645

secunia.com/advisories/30016

secunia.com/advisories/30094

secunia.com/advisories/30105

secunia.com/advisories/30192

secunia.com/advisories/30327

secunia.com/advisories/30370

secunia.com/advisories/30620

secunia.com/advisories/31043

sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

www.debian.org/security/2008/dsa-1532

www.debian.org/security/2008/dsa-1534

www.debian.org/security/2008/dsa-1535

www.debian.org/security/2008/dsa-1574

www.gentoo.org/security/en/glsa/glsa-200805-18.xml

www.kb.cert.org/vuls/id/466521

www.mandriva.com/security/advisories?name=MDVSA-2008:080

www.mandriva.com/security/advisories?name=MDVSA-2008:155

www.mozilla.org/security/announce/2008/mfsa2008-14.html

www.redhat.com/support/errata/RHSA-2008-0207.html

www.redhat.com/support/errata/RHSA-2008-0209.html

www.securityfocus.com/archive/1/490196/100/0/threaded

www.securityfocus.com/bid/28448

www.securitytracker.com/id?1019694

www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313

www.ubuntu.com/usn/usn-592-1

www.ubuntu.com/usn/usn-605-1

www.us-cert.gov/cas/techalerts/TA08-087A.html

www.vupen.com/english/advisories/2008/0998/references

www.vupen.com/english/advisories/2008/0999/references

www.vupen.com/english/advisories/2008/1793/references

www.vupen.com/english/advisories/2008/2091/references

exchange.xforce.ibmcloud.com/vulnerabilities/41457

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980

www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.8

Confidence

High

EPSS

0.461

Percentile

97.5%

JSON

Related for CVE-2008-1235