Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1235

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1235
Last Modified 12 Apr 2011 12:00:00
Published 27 Mar 2008 06:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1235

Summary

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

Vulnerable Systems

Application

  • Mozilla Firefox 0.1

  • Mozilla Firefox 0.2

  • Mozilla Firefox 0.4

  • Mozilla Firefox 0.5

  • Mozilla Firefox 0.6

  • Mozilla Firefox 0.6.1

  • Mozilla Firefox 0.7

  • Mozilla Firefox 0.7.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Thunderbird 0.1

  • Mozilla Thunderbird 0.2

  • Mozilla Thunderbird 0.3

  • Mozilla Thunderbird 0.4

  • Mozilla Thunderbird 0.5

  • Mozilla Thunderbird 0.6

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.8

  • Mozilla Thunderbird 0.9

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.4

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.0.8

  • Mozilla Thunderbird 1.5

  • Mozilla Thunderbird 1.5.0.10

  • Mozilla Thunderbird 1.5.0.12

  • Mozilla Thunderbird 1.5.0.13

  • Mozilla Thunderbird 1.5.0.14

  • Mozilla Thunderbird 1.5.0.2

  • Mozilla Thunderbird 1.5.0.4

  • Mozilla Thunderbird 1.5.0.5

  • Mozilla Thunderbird 1.5.0.7

  • Mozilla Thunderbird 1.5.0.8

  • Mozilla Thunderbird 1.5.0.9

  • Mozilla Thunderbird 2.0.0.0

  • Mozilla Thunderbird 2.0.0.12

  • Mozilla Thunderbird 2.0.0.4

  • Mozilla Thunderbird 2.0.0.5

  • Mozilla Thunderbird 2.0.0.6

  • Mozilla Thunderbird 2.0.0.9


References

CERT - TA08-087A

CERT-VN - VU#466521

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

FEDORA - FEDORA-2008-3557

FEDORA - FEDORA-2008-3519

XF - mozilla-principal-code-execution(41457)

VUPEN - ADV-2008-2091

VUPEN - ADV-2008-1793

VUPEN - ADV-2008-0999

VUPEN - ADV-2008-0998

UBUNTU - USN-605-1

UBUNTU - USN-592-1

SECTRACK - 1019694

BID - 28448

BUGTRAQ - 20080327 rPSA-2008-0128-1 firefox

REDHAT - RHSA-2008:0209

REDHAT - RHSA-2008:0207

MANDRIVA - MDVSA-2008:155

MANDRIVA - MDVSA-2008:080

GENTOO - GLSA-200805-18

DEBIAN - DSA-1574

DEBIAN - DSA-1535

DEBIAN - DSA-1534

DEBIAN - DSA-1532

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

SUNALERT - 239546

SUNALERT - 238492

SECUNIA - 31043

SECUNIA - 30620

SECUNIA - 30370

SECUNIA - 30327

SECUNIA - 30192

SECUNIA - 30105

SECUNIA - 30094

SECUNIA - 30016

SECUNIA - 29645

SECUNIA - 29616

SECUNIA - 29607

SECUNIA - 29560

SECUNIA - 29558

SECUNIA - 29550

SECUNIA - 29548

SECUNIA - 29547

SECUNIA - 29541

SECUNIA - 29539

SECUNIA - 29526

SECUNIA - 29391

REDHAT - RHSA-2008:0208

SLACKWARE - SSA:2008-128-02

SUSE - SUSE-SA:2008:019

Related Patches

Novell SUSE 2008:5164 mozilla-xulrunner security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:05