CVE-2008-1380

high

Description

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.

References

http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

http://secunia.com/advisories/29787

http://secunia.com/advisories/29793

http://secunia.com/advisories/29828

http://secunia.com/advisories/29860

http://secunia.com/advisories/29883

http://secunia.com/advisories/29908

http://secunia.com/advisories/29911

http://secunia.com/advisories/29912

http://secunia.com/advisories/29947

http://secunia.com/advisories/30012

http://secunia.com/advisories/30029

http://secunia.com/advisories/30192

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://secunia.com/advisories/30717

http://secunia.com/advisories/31023

http://secunia.com/advisories/31377

http://secunia.com/advisories/33434

http://security.gentoo.org/glsa/glsa-200808-03.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.391769

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://www.debian.org/security/2008/dsa-1555

http://www.debian.org/security/2008/dsa-1558

http://www.debian.org/security/2008/dsa-1562

http://www.debian.org/security/2009/dsa-1696

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.kb.cert.org/vuls/id/441529

http://www.mandriva.com/security/advisories?name=MDVSA-2008:110

http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

http://www.novell.com/linux/security/advisories/2008_13_sr.html

http://www.redhat.com/support/errata/RHSA-2008-0222.html

http://www.redhat.com/support/errata/RHSA-2008-0223.html

http://www.redhat.com/support/errata/RHSA-2008-0224.html

http://www.securityfocus.com/archive/1/491838/100/0/threaded

http://www.securityfocus.com/bid/28818

http://www.securitytracker.com/id?1019873

http://www.ubuntu.com/usn/usn-602-1

http://www.vupen.com/english/advisories/2008/1251/references

http://www.vupen.com/english/advisories/2008/1793/references

https://bugzilla.mozilla.org/show_bug.cgi?id=425576

https://exchange.xforce.ibmcloud.com/vulnerabilities/41857

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10752

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00407.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00463.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

Details

Source: MITRE

Published: 2008-04-17

Updated: 2018-10-11

Type: CWE-399

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 2.0.0.13 (inclusive)

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.1.9 (inclusive)

cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 2.0.0.13 (inclusive)

Tenable Plugins

View all (36 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67682 | Oracle Linux 4 : thunderbird (ELSA-2008-0224) | Nessus | Oracle Linux Local Security Checks | high |
| 67681 | Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0223) | Nessus | Oracle Linux Local Security Checks | high |
| 67680 | Oracle Linux 4 / 5 : firefox (ELSA-2008-0222) | Nessus | Oracle Linux Local Security Checks | high |
| 60385 | Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60383 | Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 43680 | CentOS 4 / 5 : thunderbird (CESA-2008:0224) | Nessus | CentOS Local Security Checks | high |
| 36687 | Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:110) | Nessus | Mandriva Local Security Checks | high |
| 35313 | Debian DSA-1696-1 : icedove - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 33833 | GLSA-200808-03 : Mozilla products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 33466 | Slackware 11.0 / 12.0 / 12.1 / current : seamonkey (SSA:2008-191-03) | Nessus | Slackware Local Security Checks | critical |
| 33394 | SeaMonkey < 1.1.10 Multiple Vulnerabilities | Nessus | Windows | high |
| 33121 | openSUSE 10 Security Update : epiphany (epiphany-5293) | Nessus | SuSE Local Security Checks | high |
| 33119 | openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5280) | Nessus | SuSE Local Security Checks | high |
| 32416 | GLSA-200805-18 : Mozilla products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 32206 | Fedora 8 : thunderbird-2.0.0.14-1.fc8 (2008-3557) | Nessus | Fedora Local Security Checks | high |
| 32204 | Fedora 7 : thunderbird-2.0.0.14-1.fc7 (2008-3519) | Nessus | Fedora Local Security Checks | high |
| 32114 | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5219) | Nessus | SuSE Local Security Checks | high |
| 32113 | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5218) | Nessus | SuSE Local Security Checks | high |
| 32112 | RHEL 4 / 5 : thunderbird (RHSA-2008:0224) | Nessus | Red Hat Local Security Checks | high |
| 32086 | Debian DSA-1562-1 : iceape - programming error | Nessus | Debian Local Security Checks | high |
| 32064 | FreeBSD : firefox -- javascript garbage collector vulnerability (67bd39ba-12b5-11dd-bab7-0016179b2dd5) | Nessus | FreeBSD Local Security Checks | high |
| 32059 | Debian DSA-1558-1 : xulrunner - programming error | Nessus | Debian Local Security Checks | high |
| 32053 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-602-1) | Nessus | Ubuntu Local Security Checks | high |
| 32044 | Fedora 8 : Miro-1.2-2.fc8 / chmsee-1.0.0-2.30.fc8 / devhelp-0.16.1-7.fc8 / epiphany-2.20.3-3.fc8 / etc (2008-3283) | Nessus | Fedora Local Security Checks | high |
| 32043 | Fedora 8 : seamonkey-1.1.9-2.fc8 (2008-3264) | Nessus | Fedora Local Security Checks | high |
| 32040 | Fedora 7 : Miro-1.2-2.fc7 / chmsee-1.0.0-2.30.fc7 / devhelp-0.13-16.fc7 / epiphany-2.18.3-9.fc7 / etc (2008-3249) | Nessus | Fedora Local Security Checks | high |
| 32039 | Fedora 7 : seamonkey-1.1.9-2.fc7 (2008-3231) | Nessus | Fedora Local Security Checks | high |
| 32035 | Debian DSA-1555-1 : iceweasel - programming error | Nessus | Debian Local Security Checks | high |
| 31999 | CentOS 3 / 4 : firefox / seamonkey (CESA-2008:0223) | Nessus | CentOS Local Security Checks | high |
| 31998 | CentOS 4 / 5 : firefox (CESA-2008:0222) | Nessus | CentOS Local Security Checks | high |
| 31994 | Slackware 10.2 / 11.0 / 12.0 / current : mozilla-firefox (SSA:2008-108-01) | Nessus | Slackware Local Security Checks | high |
| 31987 | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0223) | Nessus | Red Hat Local Security Checks | high |
| 31986 | RHEL 4 / 5 : firefox (RHSA-2008:0222) | Nessus | Red Hat Local Security Checks | high |
| 4473 | Mozilla Firefox < 2.0.0.14 Javascript Garbage Collection DoS | Nessus Network Monitor | Web Clients | medium |
| 31864 | Firefox < 2.0.0.14 Javascript Garbage Collector DoS | Nessus | Windows | high |
| 800772 | Firefox < 2.0.0.14 Javascript Garbage Collection DoS | Log Correlation Engine | Web Clients | high |