Lucene search

RedhatCVE-2008-4059

HistorySep 24, 2008 - 8:37 p.m.

CVE-2008-4059

2008-09-2420:37:04

CWE-264

redhat

web.nvd.nist.gov

mozilla

firefox

xpconnect

remote attackers

arbitrary code

chrome privileges

script element

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.571

Percentile

97.7%

JSON

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to “pollute XPCNativeWrappers” and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

Affected configurations

Nvd

Node

mozillafirefox

mozillafirefoxRange≤2.0.0.17

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.9_rc

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.6linux

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0beta1

mozillafirefoxMatch2.0rc2

mozillafirefoxMatch2.0rc3

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox0.8cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
mozillafirefox0.9cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
mozillafirefox0.9cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
mozillafirefox0.9.1cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
mozillafirefox0.9.2cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
mozillafirefox0.9.3cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
mozillafirefox0.9_rccpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*
mozillafirefox0.10cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
mozillafirefox0.10.1cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	0.8	cpe:2.3:a:mozilla:firefox:0.8:::::::*
mozilla	firefox	0.9	cpe:2.3:a:mozilla:firefox:0.9:::::::*
mozilla	firefox	0.9	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
mozilla	firefox	0.9.1	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
mozilla	firefox	0.9.2	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
mozilla	firefox	0.9.3	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
mozilla	firefox	0.9_rc	cpe:2.3:a:mozilla:firefox:0.9_rc:::::::*
mozilla	firefox	0.10	cpe:2.3:a:mozilla:firefox:0.10:::::::*
mozilla	firefox	0.10.1	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*

Rows per page:

1-10 of 641

References

download.novell.com/Download?buildid=WZXONb-tqBw~

lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

secunia.com/advisories/31984

secunia.com/advisories/31985

secunia.com/advisories/32007

secunia.com/advisories/32010

secunia.com/advisories/32012

secunia.com/advisories/32025

secunia.com/advisories/32042

secunia.com/advisories/32044

secunia.com/advisories/32082

secunia.com/advisories/32092

secunia.com/advisories/32144

secunia.com/advisories/32185

secunia.com/advisories/32196

secunia.com/advisories/32845

secunia.com/advisories/33433

secunia.com/advisories/33434

secunia.com/advisories/34501

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

www.debian.org/security/2008/dsa-1649

www.debian.org/security/2008/dsa-1669

www.debian.org/security/2009/dsa-1696

www.debian.org/security/2009/dsa-1697

www.mandriva.com/security/advisories?name=MDVSA-2008:205

www.mandriva.com/security/advisories?name=MDVSA-2008:206

www.mozilla.org/security/announce/2008/mfsa2008-41.html

www.redhat.com/support/errata/RHSA-2008-0882.html

www.redhat.com/support/errata/RHSA-2008-0908.html

www.securityfocus.com/bid/31346

www.securitytracker.com/id?1020915

www.ubuntu.com/usn/usn-645-1

www.ubuntu.com/usn/usn-645-2

www.ubuntu.com/usn/usn-647-1

www.vupen.com/english/advisories/2008/2661

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=419848

exchange.xforce.ibmcloud.com/vulnerabilities/45352

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529

www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.571

Percentile

97.7%

JSON

Related for CVE-2008-4059