logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla JavaScript privilege escalation

Description

### Overview Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. ### Description Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code on an affected system. --- ### Impact Successful exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. --- ### Solution **Apply an update** Mozilla Foundation has issued new versions of the affected products which address these vulnerabilities. Please see [MFSA 2008-14](<http://www.mozilla.org/security/announce/2008/mfsa2008-14.html>) for more details. --- **Workaround** Disabling JavaScript is an effective workaround for these vulnerabilities. It is strongly recommended that you disable JavaScript until a version containing patches for these vulnerabilities can be installed. --- ### Vendor Information 466521 Filter by status: All Affected Not Affected Unknown Filter by content: __ Additional information available __ Sort by: Status Alphabetical Expand all **Javascript is disabled. Click here to view vendors.** ### Mozilla __ Affected Updated: March 27, 2008 ### Status Affected ### Vendor Statement We have not received a statement from the vendor. ### Vendor Information The vendor has not provided us with any further information regarding this vulnerability. ### Addendum Mozilla Foundation has issued new versions of the affected products which address these vulnerabilities. If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23466521 Feedback>). ### CVSS Metrics Group | Score | Vector ---|---|--- Base | | Temporal | | Environmental | | ### References <http://www.mozilla.org/security/announce/2008/mfsa2008-14.html> ### Acknowledgements This document was written by Joseph Pruszynski. ### Other Information **CVE IDs:** | [CVE-2008-1233](<http://web.nvd.nist.gov/vuln/detail/CVE-2008-1233>), [CVE-2008-1234](<http://web.nvd.nist.gov/vuln/detail/CVE-2008-1234>), [CVE-2008-1235](<http://web.nvd.nist.gov/vuln/detail/CVE-2008-1235>) ---|--- **Severity Metric:** | 20.38 **Date Public:** | 2008-03-25 **Date First Published:** | 2008-03-27 **Date Last Updated: ** | 2008-03-27 21:08 UTC **Document Revision: ** | 17


Related