Lucene search

RedhatCVE-2008-1380

HistoryApr 17, 2008 - 7:05 p.m.

CVE-2008-1380

2008-04-1719:05:00

CWE-399

redhat

web.nvd.nist.gov

mozilla

firefox

thunderbird

seamonkey

javascript engine

vulnerability

remote attackers

denial of service

cve-2008-1380

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.461

Percentile

97.5%

JSON

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.

Affected configurations

Nvd

Node

mozillafirefoxRange≤2.0.0.13

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0beta1

mozillafirefoxMatch2.0rc2

mozillafirefoxMatch2.0rc3

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillaseamonkeyRange≤1.1.9

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.0.99

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillathunderbirdRange≤2.0.0.13

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.1

mozillathunderbirdMatch2.0.0.2

mozillathunderbirdMatch2.0.0.3

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.8

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.11

mozillathunderbirdMatch2.0.0.12

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox2.0cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
mozillafirefox2.0cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
mozillafirefox2.0cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
mozillafirefox2.0cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
mozillafirefox2.0.0.1cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
mozillafirefox2.0.0.2cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
mozillafirefox2.0.0.3cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
mozillafirefox2.0.0.4cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
mozillafirefox2.0.0.5cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	2.0	cpe:2.3:a:mozilla:firefox:2.0:::::::*
mozilla	firefox	2.0	cpe:2.3:a:mozilla:firefox:2.0:beta1::::::
mozilla	firefox	2.0	cpe:2.3:a:mozilla:firefox:2.0:rc2::::::
mozilla	firefox	2.0	cpe:2.3:a:mozilla:firefox:2.0:rc3::::::
mozilla	firefox	2.0.0.1	cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
mozilla	firefox	2.0.0.2	cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
mozilla	firefox	2.0.0.3	cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
mozilla	firefox	2.0.0.4	cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
mozilla	firefox	2.0.0.5	cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*

Rows per page:

1-10 of 491

References

lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

secunia.com/advisories/29787

secunia.com/advisories/29793

secunia.com/advisories/29828

secunia.com/advisories/29860

secunia.com/advisories/29883

secunia.com/advisories/29908

secunia.com/advisories/29911

secunia.com/advisories/29912

secunia.com/advisories/29947

secunia.com/advisories/30012

secunia.com/advisories/30029

secunia.com/advisories/30192

secunia.com/advisories/30327

secunia.com/advisories/30620

secunia.com/advisories/30717

secunia.com/advisories/31023

secunia.com/advisories/31377

secunia.com/advisories/33434

security.gentoo.org/glsa/glsa-200808-03.xml

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.391769

sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

www.debian.org/security/2008/dsa-1555

www.debian.org/security/2008/dsa-1558

www.debian.org/security/2008/dsa-1562

www.debian.org/security/2009/dsa-1696

www.gentoo.org/security/en/glsa/glsa-200805-18.xml

www.kb.cert.org/vuls/id/441529

www.mandriva.com/security/advisories?name=MDVSA-2008:110

www.mozilla.org/security/announce/2008/mfsa2008-20.html

www.novell.com/linux/security/advisories/2008_13_sr.html

www.redhat.com/support/errata/RHSA-2008-0222.html

www.redhat.com/support/errata/RHSA-2008-0223.html

www.redhat.com/support/errata/RHSA-2008-0224.html

www.securityfocus.com/archive/1/491838/100/0/threaded

www.securityfocus.com/bid/28818

www.securitytracker.com/id?1019873

www.ubuntu.com/usn/usn-602-1

www.vupen.com/english/advisories/2008/1251/references

www.vupen.com/english/advisories/2008/1793/references

bugzilla.mozilla.org/show_bug.cgi?id=425576

exchange.xforce.ibmcloud.com/vulnerabilities/41857

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10752

www.redhat.com/archives/fedora-package-announce/2008-April/msg00407.html

www.redhat.com/archives/fedora-package-announce/2008-April/msg00463.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.461

Percentile

97.5%

JSON

Related for CVE-2008-1380