[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1235Date: (C)2008-03-27   (M)2023-12-22


Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019694
http://www.securityfocus.com/archive/1/490196/100/0/threaded
SUNALERT-238492
SUNALERT-239546
BID-28448
SECUNIA-29391
SECUNIA-29526
SECUNIA-29539
SECUNIA-29541
SECUNIA-29547
SECUNIA-29548
SECUNIA-29550
SECUNIA-29558
SECUNIA-29560
SECUNIA-29607
SECUNIA-29616
SECUNIA-29645
SECUNIA-30016
SECUNIA-30094
SECUNIA-30105
SECUNIA-30192
SECUNIA-30327
SECUNIA-30370
SECUNIA-30620
SECUNIA-31043
ADV-2008-0998
ADV-2008-0999
ADV-2008-1793
ADV-2008-2091
DSA-1532
DSA-1534
DSA-1535
DSA-1574
FEDORA-2008-3519
FEDORA-2008-3557
GLSA-200805-18
MDVSA-2008:080
MDVSA-2008:155
RHSA-2008:0207
RHSA-2008:0208
RHSA-2008:0209
SSA:2008-128-02
SUSE-SA:2008:019
TA08-087A
USN-592-1
USN-605-1
VU#466521
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
mozilla-principal-code-execution(41457)
oval:org.mitre.oval:def:10980

CPE    105
cpe:/a:mozilla:thunderbird:2.0.0.4
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:thunderbird:2.0.0.0
cpe:/a:mozilla:seamonkey:1.0.2
...
OVAL    7
oval:org.mitre.oval:def:7681
oval:org.mitre.oval:def:7395
oval:org.mitre.oval:def:7955
oval:org.secpod.oval:def:301399
...

© SecPod Technologies