CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.0%
Various flaws were discovered in the browser engine. By tricking
a user into opening a malicious web page, an attacker could cause
a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the
program. (CVE-2008-2798, CVE-2008-2799)
Several problems were discovered in the JavaScript engine. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-2800)
Collin Jackson discovered various flaws in the JavaScript engine
which allowed JavaScript to be injected into signed JAR files. If
a user were tricked into opening malicious web content, an
attacker may be able to execute arbitrary code with the privileges
of a different website or link content within the JAR file to an
attacker-controlled JavaScript file. (CVE-2008-2801)
It was discovered that Firefox would allow non-privileged XUL
documents to load chrome scripts from the fastload file. This
could allow an attacker to execute arbitrary JavaScript code with
chrome privileges. (CVE-2008-2802)
A flaw was discovered in Firefox that allowed overwriting trusted
objects via mozIJSSubScriptLoader.loadSubScript(). If a user were
tricked into opening a malicious web page, an attacker could
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-2803)
Claudio Santambrogio discovered a vulnerability in Firefox which
could lead to stealing of arbitrary files. If a user were tricked
into opening malicious content, an attacker could force the browser
into uploading local files to the remote server. (CVE-2008-2805)
Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker
could exploit this to bypass the same-origin policy and create
arbitrary socket connections to other domains. (CVE-2008-2806)
Daniel Glazman found that an improperly encoded .properties file
in an add-on can result in uninitialized memory being used. If
a user were tricked into installing a malicious add-on, the
browser may be able to see data from other programs.
(CVE-2008-2807)
Masahiro Yamada discovered that Firefox did not properly sanitize
file URLs in directory listings, resulting in files from directory
listings being opened in unintended ways or not being able to be
opened by the browser at all. (CVE-2008-2808)
John G. Myers discovered a weakness in the trust model used by
Firefox regarding alternate names on self-signed certificates. If
a user were tricked into accepting a certificate containing
alternate name entries, an attacker could impersonate another
server. (CVE-2008-2809)
A flaw was discovered in the way Firefox opened URL files. If a user
were tricked into opening a bookmark to a malicious web page, the
page could potentially read from local files on the userβs computer.
(CVE-2008-2810)
A vulnerability was discovered in the block reflow code of Firefox.
This vulnerability could be used by an attacker to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2008-2811)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.10 | noarch | firefox | <Β 2.0.0.15+1nobinonly-0ubuntu0.7.10 | UNKNOWN |
Ubuntu | 7.10 | noarch | firefox-dbg | <Β 2.0.0.15+1nobinonly-0ubuntu0.7.10 | UNKNOWN |
Ubuntu | 7.10 | noarch | firefox-dev | <Β 2.0.0.15+1nobinonly-0ubuntu0.7.10 | UNKNOWN |
Ubuntu | 7.10 | noarch | firefox-gnome-support | <Β 2.0.0.15+1nobinonly-0ubuntu0.7.10 | UNKNOWN |
Ubuntu | 7.10 | noarch | firefox-libthai | <Β 2.0.0.15+1nobinonly-0ubuntu0.7.10 | UNKNOWN |
Ubuntu | 7.04 | noarch | firefox | <Β 2.0.0.15+0nobinonly-0ubuntu0.7.4 | UNKNOWN |
Ubuntu | 7.04 | noarch | firefox-dbg | <Β 2.0.0.15+0nobinonly-0ubuntu0.7.4 | UNKNOWN |
Ubuntu | 7.04 | noarch | firefox-dev | <Β 2.0.0.15+0nobinonly-0ubuntu0.7.4 | UNKNOWN |
Ubuntu | 7.04 | noarch | firefox-gnome-support | <Β 2.0.0.15+0nobinonly-0ubuntu0.7.4 | UNKNOWN |
Ubuntu | 7.04 | noarch | firefox-libthai | <Β 2.0.0.15+0nobinonly-0ubuntu0.7.4 | UNKNOWN |
ubuntu.com/security/CVE-2008-2798
ubuntu.com/security/CVE-2008-2799
ubuntu.com/security/CVE-2008-2800
ubuntu.com/security/CVE-2008-2801
ubuntu.com/security/CVE-2008-2802
ubuntu.com/security/CVE-2008-2803
ubuntu.com/security/CVE-2008-2805
ubuntu.com/security/CVE-2008-2806
ubuntu.com/security/CVE-2008-2807
ubuntu.com/security/CVE-2008-2808
ubuntu.com/security/CVE-2008-2809
ubuntu.com/security/CVE-2008-2810
ubuntu.com/security/CVE-2008-2811