Lucene search

K

[email protected]CVE-2008-5014

HistoryNov 13, 2008 - 11:30 a.m.

CVE-2008-5014

2008-11-1311:30:01

CWE-20

[email protected]

web.nvd.nist.gov

54

cve-2008-5014

mozilla firefox

thunderbird

seamonkey

denial of service

code execution

remote attackers

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.9 High

AI Score

Confidence

High

0.114 Low

EPSS

Percentile

95.3%

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.proto.proto object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

Affected configurations

NVD

Node

mozillafirefoxRange2.0–2.0.0.18

OR

mozillafirefoxRange3.0–3.0.2

OR

mozillaseamonkeyRange1.0–1.1.13

OR

mozillathunderbirdRange2.0–2.0.0.18

Node

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06lts

OR

canonicalubuntu_linuxMatch7.10

OR

canonicalubuntu_linuxMatch8.04lts

OR

canonicalubuntu_linuxMatch8.10

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt2.0.0.18
mozilla:firefoxmozilla firefoxlt3.0.2
mozilla:seamonkeymozilla seamonkeylt1.1.13
mozilla:thunderbirdmozilla thunderbirdlt2.0.0.18

References

lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

secunia.com/advisories/32011

secunia.com/advisories/32684

secunia.com/advisories/32693

secunia.com/advisories/32694

secunia.com/advisories/32695

secunia.com/advisories/32714

secunia.com/advisories/32715

secunia.com/advisories/32721

secunia.com/advisories/32778

secunia.com/advisories/32798

secunia.com/advisories/32845

secunia.com/advisories/32853

secunia.com/advisories/33433

secunia.com/advisories/33434

secunia.com/advisories/34501

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

ubuntu.com/usn/usn-667-1

www.debian.org/security/2008/dsa-1669

www.debian.org/security/2008/dsa-1671

www.debian.org/security/2009/dsa-1696

www.debian.org/security/2009/dsa-1697

www.mandriva.com/security/advisories?name=MDVSA-2008:228

www.mandriva.com/security/advisories?name=MDVSA-2008:230

www.mandriva.com/security/advisories?name=MDVSA-2008:235

www.mozilla.org/security/announce/2008/mfsa2008-50.html

www.redhat.com/support/errata/RHSA-2008-0976.html

www.redhat.com/support/errata/RHSA-2008-0977.html

www.redhat.com/support/errata/RHSA-2008-0978.html

www.securityfocus.com/bid/32281

www.securitytracker.com/id?1021182

www.us-cert.gov/cas/techalerts/TA08-319A.html

www.vupen.com/english/advisories/2008/3146

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=436741

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157

www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.9 High

AI Score

Confidence

High

0.114 Low

EPSS

Percentile

95.3%

Related for CVE-2008-5014

ubuntucve1 veracode1 cvelist1 prion1 securityvulns1 nvd1 mozilla1 openvas105 nessus34 ubuntu1 fedora39 centos4 redhat3 oraclelinux3 debian1 osv1 suse1