ID CVE-2008-1380
Summary The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
References
Vulnerable Configurations
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • cpe:2.3:a:mozilla:firefox:2.0:beta1
    cpe:2.3:a:mozilla:firefox:2.0:beta1
  • cpe:2.3:a:mozilla:firefox:2.0:rc2
    cpe:2.3:a:mozilla:firefox:2.0:rc2
  • cpe:2.3:a:mozilla:firefox:2.0:rc3
    cpe:2.3:a:mozilla:firefox:2.0:rc3
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • cpe:2.3:a:mozilla:seamonkey:1.0.99
    cpe:2.3:a:mozilla:seamonkey:1.0.99
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla SeaMonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla SeaMonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla SeaMonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla SeaMonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla SeaMonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
CVSS
Base: 9.3 (as of 18-04-2008 - 10:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-5219.NASL
    description This update brings Mozilla Firefox to security update version 2.0.0.14 Following security problems were fixed : - MFSA 2008-20/CVE-2008-1380: Fixes for security problems in the JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some users experienced frequent crashes during JavaScript garbage collection. These crashes may be exploitable if someone finds a reliable way to trigger the crash.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 32114
    published 2008-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32114
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5219)
  • NASL family Windows
    NASL id SEAMONKEY_1110.NASL
    description The installed version of SeaMonkey is affected by various security issues :
      - A stability problem that could result in a crash during JavaScript garbage collection (MFSA 2008-20).
      - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption (MFSA 2008-21).
      - A vulnerability involving violation of the same-origin policy could allow for cross-site scripting attacks (MFSA 2008-22).
      - JavaScript can be injected into the context of signed JARs and executed under the context of the JAR's signer (MFSA 2008-23).
      - By taking advantage of the privilege level stored in the pre-compiled 'fastload' file, an attacker may be able to run arbitrary JavaScript code with chrome privileges (MFSA 2008-24).
      - Arbitrary code execution is possible in 'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25).
      - Several function calls in the MIME handling code use unsafe versions of string routines (MFSA 2008-26).
      - An attacker can steal files from known locations on a victim's computer via originalTarget and DOM Range (MFSA 2008-27).
      - It is possible for a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains (MFSA 2008-28).
      - An improperly encoded '.properties' file in an add-on can result in uninitialized memory being used, which could lead to data formerly used by other programs being exposed to the add-on code (MFSA 2008-29).
      - File URLs in directory listings are not properly HTML-escaped when the filenames contained particular characters (MFSA 2008-30).
      - A weakness in the trust model regarding alt names on peer-trusted certs could lead to spoofing secure connections to any other site (MFSA 2008-31).
      - URL shortcut files on Windows (for example, saved IE favorites) could be interpreted as if they were in the local file context when opened by SeaMonkey, although the referenced remote content would be downloaded and displayed (MFSA 2008-32).
      - A crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer (MFSA 2008-33).
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 33394
    published 2008-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33394
    title SeaMonkey < 1.1.10 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_67BD39BA12B511DDBAB70016179B2DD5.NASL
    description Mozilla Foundation reports : Fixes for security problems in the JavaScript engine described in MFSA 2008-15 introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 32064
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32064
    title FreeBSD : firefox -- javascript garbage collector vulnerability (67bd39ba-12b5-11dd-bab7-0016179b2dd5)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-191-03.NASL
    description New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 33466
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33466
    title Slackware 11.0 / 12.0 / 12.1 / current : seamonkey (SSA:2008-191-03)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200805-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities)
      The following vulnerabilities were reported in all mentioned Mozilla products:
      - Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412).
      - Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413).
      - David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419).
      - moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
      - Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237).
      - moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415).
      - Gerry Eisenhaur discovered a directory traversal vulnerability when using 'flat' addons (CVE-2008-0418).
      - Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416).
      The following vulnerability was reported in Thunderbird and SeaMonkey:
      - regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304).
      The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:
      - The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380).
      - hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414).
      - Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420).
      - Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241).
      - oo.rio.oo discovered that a plain text file with a 'Content-Disposition: attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592).
      - Martin Straka reported that the '.href' property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593).
      - Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238).
      - Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879).
      - Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1240).
      The following vulnerabilities were reported in Firefox:
      - Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417).
      - Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591).
      - Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594).
      Impact : A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.
      Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 32416
    published 2008-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32416
    title GLSA-200805-18 : Mozilla products: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200808-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200808-03 (Mozilla products: Multiple vulnerabilities)
      The following vulnerabilities were reported in all mentioned Mozilla products:
      - TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS object reference counter, leading to a counter overflow and a free() of in-use memory (CVE-2008-2785).
      - Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-2799).
      - Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes in the layout engine, possibly triggering memory corruption (CVE-2008-2798).
      - moz_bug_r_a4 reported that XUL documents that include a script from a chrome: URI that points to a fastload file would be executed with the privileges specified in the file (CVE-2008-2802).
      - moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript() function only apply XPCNativeWrappers to scripts loaded from standard 'chrome:' URIs, which could be the case in third-party add-ons (CVE-2008-2803).
      - Astabis reported a crash in the block reflow implementation related to large images (CVE-2008-2811).
      - John G. Myers, Frank Benkstein and Nils Toedtmann reported a weakness in the trust model used by Mozilla, that when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, the certificate is also regarded as accepted for all domain names in subjectAltName:dNSName fields (CVE-2008-2809).
      The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:
      - moz_bug_r_a4 reported that the Same Origin Policy is not properly enforced on JavaScript (CVE-2008-2800).
      - Collin Jackson and Adam Barth reported that JAR signing is not properly implemented, allowing injection of JavaScript into documents within a JAR archive (CVE-2008-2801).
      - Opera Software reported an error allowing for arbitrary local file upload (CVE-2008-2805).
      - Daniel Glazman reported that an invalid .properties file for an add-on might lead to the usage of uninitialized memory (CVE-2008-2807).
      - Masahiro Yamada reported that HTML in 'file://' URLs in directory listings is not properly escaped (CVE-2008-2808).
      - Geoff reported that the context of Windows Internet shortcut files is not correctly identified (CVE-2008-2810).
      - The crash vulnerability (CVE-2008-1380) that was previously announced in GLSA 200805-18 is now also resolved in SeaMonkey binary ebuilds.
      The following vulnerability was reported in Firefox only:
      - Billy Rios reported that the Pipe character in a command-line URI is identified as a request to open multiple tabs, allowing to open 'chrome' and 'file' URIs (CVE-2008-2933).
      Impact : A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files or to accept an invalid certificate for a spoofed website, to read uninitialized memory, to violate Same Origin Policy, or to conduct Cross-Site Scripting attacks.
      Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 33833
    published 2008-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33833
    title GLSA-200808-03 : Mozilla products: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3519.NASL
    description Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234) A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 32204
    published 2008-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32204
    title Fedora 7 : thunderbird-2.0.0.14-1.fc7 (2008-3519)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1555.NASL
    description It was discovered that crashes in the JavaScript engine of Iceweasel, an unbranded version of the Firefox browser, could potentially lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32035
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32035
    title Debian DSA-1555-1 : iceweasel - programming error
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3249.NASL
    description Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 32040
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32040
    title Fedora 7 : Miro-1.2-2.fc7 / chmsee-1.0.0-2.30.fc7 / devhelp-0.13-16.fc7 / epiphany-2.18.3-9.fc7 / etc (2008-3249)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-602-1.NASL
    description Flaws were discovered in Firefox which could lead to crashes during JavaScript garbage collection. If a user were tricked into opening a malicious web page, an attacker may be able to crash the browser or possibly execute arbitrary code with the user's privileges. (CVE-2008-1380). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 32053
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32053
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-602-1)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_20014.NASL
    description The installed version of Firefox contains a stability problem that could result in a crash during JavaScript garbage collection. Although there are no examples of this extending beyond a crash, similar issues in the past have been shown to allow arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 31864
    published 2008-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31864
    title Firefox < 2.0.0.14 Javascript Garbage Collector DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLATHUNDERBIRD-5280.NASL
    description MozillaThunderbird was updated to version 2.0.0.14, fixing various bugs including 1 security bug :
      + MFSA 2008-20/CVE-2008-1380: Crash in JavaScript garbage collector
      JavaScript is not default enabled in our Thunderbird builds though.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 33119
    published 2008-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33119
    title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5280)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0224.NASL
    description From Red Hat Security Advisory 2008:0224 : Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67682
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67682
    title Oracle Linux 4 : thunderbird (ELSA-2008-0224)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080416_FIREFOX_ON_SL4_X.NASL
    description A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60383
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60383
    title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0222.NASL
    description From Red Hat Security Advisory 2008:0222 : Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67680
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67680
    title Oracle Linux 4 / 5 : firefox (ELSA-2008-0222)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1562.NASL
    description It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the SeaMonkey internet suite could potentially lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32086
    published 2008-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32086
    title Debian DSA-1562-1 : iceape - programming error
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0224.NASL
    description Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32112
    published 2008-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32112
    title RHEL 4 / 5 : thunderbird (RHSA-2008:0224)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3557.NASL
    description Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of some malformed HTML mail content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. An HTML mail message containing specially crafted content could, potentially, trick a user into surrendering sensitive information. (CVE-2008-1234) A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 32206
    published 2008-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32206
    title Fedora 8 : thunderbird-2.0.0.14-1.fc8 (2008-3557)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0223.NASL
    description Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1380) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31999
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31999
    title CentOS 3 / 4 : firefox / seamonkey (CESA-2008:0223)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0222.NASL
    description Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31998
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31998
    title CentOS 4 / 5 : firefox (CESA-2008:0222)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-110.NASL
    description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.14. This update provides the latest Firefox to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36687
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36687
    title Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:110)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-108-01.NASL
    description New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix a possible security bug.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 31994
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31994
    title Slackware 10.2 / 11.0 / 12.0 / current : mozilla-firefox (SSA:2008-108-01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1696.NASL
    description Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37)
      - CVE-2008-1380 It was discovered that crashes in the JavaScript engine could potentially lead to the execution of arbitrary code. (MFSA 2008-20)
      - CVE-2008-3835 'moz_bug_r_a4' discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)
      - CVE-2008-4058 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
      - CVE-2008-4059 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
      - CVE-2008-4060 Olli Pettay and 'moz_bug_r_a4' discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41)
      - CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42)
      - CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. (MFSA 2008-42)
      - CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from JavaScript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43)
      - CVE-2008-4067 It was discovered that a directory traversal allows attackers to read arbitrary files via a certain character. (MFSA 2008-44)
      - CVE-2008-4068 It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. (MFSA 2008-44)
      - CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46)
      - CVE-2008-4582 Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. (MFSA 2008-47, MFSA 2008-59)
      - CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evans discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48)
      - CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50)
      - CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52)
      - CVE-2008-5018 It was discovered that crashes in the JavaScript engine could lead to arbitrary code execution. (MFSA 2008-52)
      - CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55)
      - CVE-2008-5022 'moz_bug_r_a4' discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56)
      - CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58)
      - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60)
      - CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61)
      - CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensitive data via an XMLHttpRequest. (MFSA 2008-64)
      - CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensitive data via a JavaScript URL. (MFSA 2008-65)
      - CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66)
      - CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an 'unloaded document.' (MFSA 2008-68)
      - CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35313
    published 2009-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35313
    title Debian DSA-1696-1 : icedove - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0223.NASL
    description From Red Hat Security Advisory 2008:0223 : Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1380) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67681
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67681
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0223)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0223.NASL
    description Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3, and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1380) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31987
    published 2008-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31987
    title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0223)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3283.NASL
    description Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 32044
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32044
    title Fedora 8 : Miro-1.2-2.fc8 / chmsee-1.0.0-2.30.fc8 / devhelp-0.16.1-7.fc8 / epiphany-2.20.3-3.fc8 / etc (2008-3283)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3264.NASL
    description Security update: fix memory corrupting crash and possibly code execution in JavaScript garbage collection (CVE-2008-1380, #440518). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 32043
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32043
    title Fedora 8 : seamonkey-1.1.9-2.fc8 (2008-3264)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-5218.NASL
    description This update brings Mozilla Firefox to security update version 2.0.0.14 - Fixes for security problems in the JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some users experienced frequent crashes during JavaScript garbage collection. These crashes may be exploitable if someone finds a reliable way to trigger the crash. (MFSA 2008-20 / CVE-2008-1380)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 32113
    published 2008-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32113
    title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5218)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1558.NASL
    description It was discovered that crashes in the JavaScript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32059
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32059
    title Debian DSA-1558-1 : xulrunner - programming error
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0224.NASL
    description Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed JavaScript content. An HTML mail message containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-1380) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43680
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43680
    title CentOS 4 / 5 : thunderbird (CESA-2008:0224)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080416_SEAMONKEY_ON_SL3_X.NASL
    description A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1380)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60385
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60385
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_EPIPHANY-5293.NASL
    description mozilla-xulrunner181 was updated to version 1.8.1.14, fixing various bugs including 1 security bug : + MFSA 2008-20/CVE-2008-1380: Crash in JavaScript garbage collector
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 33121
    published 2008-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33121
    title openSUSE 10 Security Update : epiphany (epiphany-5293)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3231.NASL
    description Security update: fix memory corrupting crash and possibly code execution in JavaScript garbage collection (CVE-2008-1380, #440518). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 32039
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32039
    title Fedora 7 : seamonkey-1.1.9-2.fc7 (2008-3231)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0222.NASL
    description Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31986
    published 2008-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31986
    title RHEL 4 / 5 : firefox (RHSA-2008:0222)
oval via4
accepted 2013-04-29T04:08:22.944-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
family unix
id oval:org.mitre.oval:def:10752
status accepted
submitted 2010-07-09T03:56:16-04:00
title The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
version 24
redhat via4
advisories
  • bugzilla
    id 440518
    title CVE-2008-1380 Firefox JavaScript garbage collection crash
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • comment firefox is earlier than 0:1.5.0.12-0.15.el4
        oval oval:com.redhat.rhsa:tst:20080222002
      • comment firefox is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060733003
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment firefox is earlier than 0:1.5.0.12-15.el5_1
            oval oval:com.redhat.rhsa:tst:20080222005
          • comment firefox is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070097009
        • AND
          • comment firefox-devel is earlier than 0:1.5.0.12-15.el5_1
            oval oval:com.redhat.rhsa:tst:20080222007
          • comment firefox-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070097011
    rhsa
    id RHSA-2008:0222
    released 2008-04-16
    severity Critical
    title RHSA-2008:0222: firefox security update (Critical)
  • bugzilla
    id 440518
    title CVE-2008-1380 Firefox JavaScript garbage collection crash
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223002
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223012
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223004
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223020
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223008
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223010
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223016
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223006
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223018
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.9-0.17.el3
            oval oval:com.redhat.rhsa:tst:20080223014
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223023
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223024
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223032
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223028
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223031
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223030
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223026
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223027
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223025
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.9-16.el4
            oval oval:com.redhat.rhsa:tst:20080223029
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
    rhsa
    id RHSA-2008:0223
    released 2008-04-16
    severity Critical
    title RHSA-2008:0223: seamonkey security update (Critical)
  • bugzilla
    id 440518
    title CVE-2008-1380 Firefox JavaScript garbage collection crash
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • comment thunderbird is earlier than 0:1.5.0.12-11.el4
        oval oval:com.redhat.rhsa:tst:20080224002
      • comment thunderbird is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060735003
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • comment thunderbird is earlier than 0:1.5.0.12-12.el5_1
        oval oval:com.redhat.rhsa:tst:20080224005
      • comment thunderbird is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070108003
    rhsa
    id RHSA-2008:0224
    released 2008-04-30
    severity Moderate
    title RHSA-2008:0224: thunderbird security update (Moderate)
rpms
  • firefox-0:1.5.0.12-0.15.el4
  • firefox-0:1.5.0.12-15.el5_1
  • firefox-devel-0:1.5.0.12-15.el5_1
  • seamonkey-0:1.0.9-0.17.el3
  • seamonkey-chat-0:1.0.9-0.17.el3
  • seamonkey-devel-0:1.0.9-0.17.el3
  • seamonkey-dom-inspector-0:1.0.9-0.17.el3
  • seamonkey-js-debugger-0:1.0.9-0.17.el3
  • seamonkey-mail-0:1.0.9-0.17.el3
  • seamonkey-nspr-0:1.0.9-0.17.el3
  • seamonkey-nspr-devel-0:1.0.9-0.17.el3
  • seamonkey-nss-0:1.0.9-0.17.el3
  • seamonkey-nss-devel-0:1.0.9-0.17.el3
  • seamonkey-0:1.0.9-16.el4
  • seamonkey-chat-0:1.0.9-16.el4
  • seamonkey-devel-0:1.0.9-16.el4
  • seamonkey-dom-inspector-0:1.0.9-16.el4
  • seamonkey-js-debugger-0:1.0.9-16.el4
  • seamonkey-mail-0:1.0.9-16.el4
  • seamonkey-nspr-0:1.0.9-16.el4
  • seamonkey-nspr-devel-0:1.0.9-16.el4
  • seamonkey-nss-0:1.0.9-16.el4
  • seamonkey-nss-devel-0:1.0.9-16.el4
  • thunderbird-0:1.5.0.12-11.el4
  • thunderbird-0:1.5.0.12-12.el5_1
refmap via4
bid 28818
bugtraq 20080508 FLEA-2008-0008-1 firefox
cert-vn VU#441529
confirm http://www.mozilla.org/security/announce/2008/mfsa2008-20.html
debian
  • DSA-1555
  • DSA-1558
  • DSA-1562
  • DSA-1696
fedora
  • FEDORA-2008-3231
  • FEDORA-2008-3264
  • FEDORA-2008-3519
  • FEDORA-2008-3557
gentoo
  • GLSA-200805-18
  • GLSA-200808-03
mandriva MDVSA-2008:110
misc https://bugzilla.mozilla.org/show_bug.cgi?id=425576
sectrack 1019873
secunia
  • 29787
  • 29793
  • 29828
  • 29860
  • 29883
  • 29908
  • 29911
  • 29912
  • 29947
  • 30012
  • 30029
  • 30192
  • 30327
  • 30620
  • 30717
  • 31023
  • 31377
  • 33434
slackware
  • SSA:2008-108-01
  • SSA:2008-191-03
sunalert 238492
suse
  • SUSE-SR:2008:011
  • SUSE-SR:2008:013
ubuntu USN-602-1
vupen
  • ADV-2008-1251
  • ADV-2008-1793
xf mozilla-garbage-code-execution(41857)
Last major update 07-03-2011 - 22:07
Published 17-04-2008 - 15:05
Last modified 11-10-2018 - 16:32