CVE-2008-1235

critical

Description

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

References

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980

https://exchange.xforce.ibmcloud.com/vulnerabilities/41457

http://www.vupen.com/english/advisories/2008/2091/references

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/0999/references

http://www.vupen.com/english/advisories/2008/0998/references

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.ubuntu.com/usn/usn-605-1

http://www.ubuntu.com/usn/usn-592-1

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313

http://www.securitytracker.com/id?1019694

http://www.securityfocus.com/bid/28448

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:155

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.kb.cert.org/vuls/id/466521

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.debian.org/security/2008/dsa-1574

http://www.debian.org/security/2008/dsa-1535

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1532

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://secunia.com/advisories/31043

http://secunia.com/advisories/30620

http://secunia.com/advisories/30370

http://secunia.com/advisories/30327

http://secunia.com/advisories/30192

http://secunia.com/advisories/30105

http://secunia.com/advisories/30094

http://secunia.com/advisories/30016

http://secunia.com/advisories/29645

http://secunia.com/advisories/29616

http://secunia.com/advisories/29607

http://secunia.com/advisories/29560

http://secunia.com/advisories/29558

http://secunia.com/advisories/29550

http://secunia.com/advisories/29548

http://secunia.com/advisories/29547

http://secunia.com/advisories/29541

http://secunia.com/advisories/29539

http://secunia.com/advisories/29526

http://secunia.com/advisories/29391

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

Details

Source: Mitre, NVD

Published: 2008-03-27

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical