CVE-2008-4058

HIGH

Description

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.

ID	Name	Product	Family	Severity
67754	Oracle Linux 4 : thunderbird (ELSA-2008-0908)	Nessus	Oracle Linux Local Security Checks	critical
67745	Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0882)	Nessus	Oracle Linux Local Security Checks	critical
67744	Oracle Linux 5 : firefox (ELSA-2008-0879)	Nessus	Oracle Linux Local Security Checks	critical
65110	Ubuntu 6.06 LTS : firefox vulnerabilities (USN-645-2)	Nessus	Ubuntu Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60478	Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
60476	Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
60475	Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
43709	CentOS 4 / 5 : firefox (CESA-2008:0879)	Nessus	CentOS Local Security Checks	critical
40130	openSUSE Security Update : seamonkey (seamonkey-238)	Nessus	SuSE Local Security Checks	critical
40074	openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-234)	Nessus	SuSE Local Security Checks	critical
40071	openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-237)	Nessus	SuSE Local Security Checks	critical
39893	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-236)	Nessus	SuSE Local Security Checks	critical
39883	openSUSE Security Update : MozillaFirefox (MozillaFirefox-233)	Nessus	SuSE Local Security Checks	critical
38073	Ubuntu 8.04 LTS : firefox-3.0, xulrunner-1.9 regression (USN-645-3)	Nessus	Ubuntu Local Security Checks	critical
37910	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-647-1)	Nessus	Ubuntu Local Security Checks	critical
37308	Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:206)	Nessus	Mandriva Local Security Checks	critical
36823	Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:205)	Nessus	Mandriva Local Security Checks	critical
36243	Ubuntu 7.04 / 7.10 / 8.04 LTS : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-645-1)	Nessus	Ubuntu Local Security Checks	critical
35314	Debian DSA-1697-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
35313	Debian DSA-1696-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34938	Debian DSA-1669-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34837	Fedora 9 : thunderbird-2.0.0.18-1.fc9 (2008-9859)	Nessus	Fedora Local Security Checks	critical
34836	Fedora 8 : thunderbird-2.0.0.18-1.fc8 (2008-9807)	Nessus	Fedora Local Security Checks	critical
34371	Debian DSA-1649-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34367	openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5656)	Nessus	SuSE Local Security Checks	critical
34366	SuSE 10 Security Update : Mozilla (ZYPP Patch Number 5654)	Nessus	SuSE Local Security Checks	critical
34360	openSUSE 10 Security Update : seamonkey (seamonkey-5657)	Nessus	SuSE Local Security Checks	critical
34345	openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5655)	Nessus	SuSE Local Security Checks	critical
34339	CentOS 4 / 5 : thunderbird (CESA-2008:0908)	Nessus	CentOS Local Security Checks	critical
34330	RHEL 4 / 5 : thunderbird (RHSA-2008:0908)	Nessus	Red Hat Local Security Checks	critical
34319	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5644)	Nessus	SuSE Local Security Checks	critical
34318	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5640)	Nessus	SuSE Local Security Checks	critical
34309	Fedora 9 : seamonkey-1.1.12-1.fc9 (2008-8429)	Nessus	Fedora Local Security Checks	critical
34308	Fedora 9 : Miro-1.2.4-3.fc9 / blam-1.8.5-2.fc9 / cairo-dock-1.6.2.3-1.fc9.1 / chmsee-1.0.1-5.fc9 / etc (2008-8425)	Nessus	Fedora Local Security Checks	critical
34307	Fedora 8 : seamonkey-1.1.12-1.fc8 (2008-8401)	Nessus	Fedora Local Security Checks	critical
34300	Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : mozilla-thunderbird (SSA:2008-270-01)	Nessus	Slackware Local Security Checks	critical
34296	Slackware 11.0 / 12.0 / 12.1 / current : seamonkey (SSA:2008-269-02)	Nessus	Slackware Local Security Checks	critical
34295	Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : mozilla-firefox (SSA:2008-269-01)	Nessus	Slackware Local Security Checks	critical
34294	Mozilla Thunderbird < 2.0.0.17 Multiple Vulnerabilities	Nessus	Windows	high
4696	Mozilla Thunderbird < 2.0.0.17 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
34278	CentOS 3 / 4 : seamonkey (CESA-2008:0882)	Nessus	CentOS Local Security Checks	critical
34275	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0882)	Nessus	Red Hat Local Security Checks	critical
34274	RHEL 4 / 5 : firefox (RHSA-2008:0879)	Nessus	Red Hat Local Security Checks	critical
34270	FreeBSD : mozilla -- multiple vulnerabilities (2273879e-8a2f-11dd-a6fe-0030843d3802)	Nessus	FreeBSD Local Security Checks	critical
34269	SeaMonkey < 1.1.12 Multiple Vulnerabilities	Nessus	Windows	high
34268	Firefox < 2.0.0.17 Multiple Vulnerabilities	Nessus	Windows	high
34267	Firefox 3.0.x < 3.0.2 Multiple Vulnerabilities	Nessus	Windows	high
4693	SeaMonkey < 1.1.12 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
4692	Mozilla Firefox < 2.0.0.17 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
4691	Mozilla Firefox < 3.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801289	Mozilla Thunderbird < 2.0.0.17 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800877	SeaMonkey < 1.1.12 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800756	Firefox < 3.0.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800736	Firefox < 2.0.0.17 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2008-4058

Description

References

Details

Risk Information

CVSS v2.0