- Home
- CVEs with nessus.description==Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37)
- CVE-2008-1380 It was discovered that crashes in the JavaScript engine could potentially lead to the execution of arbitrary code. (MFSA 2008-20)
- CVE-2008-3835 'moz_bug_r_a4' discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed.
(MFSA 2008-38)
- CVE-2008-4058 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
- CVE-2008-4059 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)
- CVE-2008-4060 Olli Pettay and 'moz_bug_r_a4' discovered a Chrome privilege escalation vulnerability in XSLT handling.
(MFSA 2008-41)
- CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42)
- CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. (MFSA 2008-42)
- CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from JavaScript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43)
- CVE-2008-4067 It was discovered that a directory traversal allows attackers to read arbitrary files via a certain character. (MFSA 2008-44)
- CVE-2008-4068 It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. (MFSA 2008-44)
- CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46)
- CVE-2008-4582 Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. (MFSA 2008-47, MFSA 2008-59)
- CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48)
- CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50)
- CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52)
- CVE-2008-5018 It was discovered that crashes in the JavaScript engine could lead to arbitrary code execution. (MFSA 2008-52)
- CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55)
- CVE-2008-5022 'moz_bug_r_a4' discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56)
- CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58)
- CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60)
- CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61)
- CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64)
- CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65)
- CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters.
(MFSA 2008-66)
- CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an 'unloaded document.' (MFSA 2008-68)
- CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors.
(MFSA 2008-68)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top