CERT VU:466521
History: Mar 27, 2008 - 12:00 a.m.

Mozilla JavaScript privilege escalation

www.kb.cert.org
CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.428 Medium
Percentile: 97.2%

Overview

Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code on an affected system.


Impact

Successful exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.


Solution

Apply an update

Mozilla Foundation has issued new versions of the affected products which address these vulnerabilities. Please see MFSA 2008-14 for more details.


Workaround
Disabling JavaScript is an effective workaround for these vulnerabilities. It is strongly recommended that you disable JavaScript until a version containing patches for these vulnerabilities can be installed.


Vendor Information

Mozilla: Affected

Updated: March 27, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Mozilla Foundation has issued new versions of the affected products which address these vulnerabilities.

References

<http://www.mozilla.org/security/announce/2008/mfsa2008-14.html>

Acknowledgements

This document was written by Joseph Pruszynski.

Other Information

CVE IDs: CVE-2008-1233, CVE-2008-1234, CVE-2008-1235
Severity Metric: 20.38
Date Public:
