Lucene search
Ubuntu.comUB:CVE-2008-2419HistoryMay 23, 2008 - 12:00 a.m.
CVE-2008-2419
2008-05-2300:00:00
ubuntu.com
ubuntu.com
10
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
0.015
Percentile
86.9%
Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of
service (heap corruption and application crash) or possibly execute
arbitrary code by triggering an error condition during certain Iframe
operations between a JSframe write and a JSframe close, as demonstrated by
an error in loading an empty Java applet defined by a ‘src=“javascript:”’
sequence.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | firefox 3 not affected. seems a simple DoS, but will elevate if evidence of ability to execute code |
| mdeslaur | upstream couldn’t reproduce, ignoring. |
Related
prion
prion
Design/Logic Flaw
2008-05-23 15:32:00
exploitdb
exploitdb
Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service
2008-05-21 00:00:00
nvd
nvd
CVE-2008-2419
2008-05-23 15:32:00
cvelist
cvelist
CVE-2008-2419
2008-05-23 15:00:00
cve
cve
CVE-2008-2419
2008-05-23 15:32:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
0.015
Percentile
86.9%
Related for UB:CVE-2008-2419