National Vulnerability Database (NVD) National Vulnerability Database (CVE-2008-1233)

National Cyber Awareness System

Vulnerability Summary for CVE-2008-1233

Original release date:03/27/2008

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA08-087A

Name: TA08-087A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-087A.html

US-CERT Vulnerability Note: VU#466521

Name: VU#466521

Hyperlink:http://www.kb.cert.org/vuls/id/466521

External Source: FEDORA

Name: FEDORA-2008-3557

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

External Source: FEDORA

Name: FEDORA-2008-3519

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

External Source: VUPEN

Name: ADV-2008-2091

Hyperlink:http://www.vupen.com/english/advisories/2008/2091/references

External Source: VUPEN

Name: ADV-2008-1793

Hyperlink:http://www.vupen.com/english/advisories/2008/1793/references

External Source: VUPEN

Name: ADV-2008-0999

Hyperlink:http://www.vupen.com/english/advisories/2008/0999/references

External Source: VUPEN

Name: ADV-2008-0998

Hyperlink:http://www.vupen.com/english/advisories/2008/0998/references

External Source: UBUNTU

Name: USN-605-1

Hyperlink:http://www.ubuntu.com/usn/usn-605-1

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

Hyperlink:http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

External Source: MANDRIVA

Name: MDVSA-2008:155

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:155

External Source: GENTOO

Name: GLSA-200805-18

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

External Source: DEBIAN

Name: DSA-1532

Hyperlink:http://www.debian.org/security/2008/dsa-1532

External Source: CONFIRM

Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

Hyperlink:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

External Source: SUNALERT

Name: 239546

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

External Source: SUNALERT

Name: 238492

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

External Source: SECUNIA

Name: 31043

Hyperlink:http://secunia.com/advisories/31043

External Source: SECUNIA

Name: 30620

Hyperlink:http://secunia.com/advisories/30620

External Source: SECUNIA

Name: 30192

Hyperlink:http://secunia.com/advisories/30192

External Source: SECUNIA

Name: 30105

Hyperlink:http://secunia.com/advisories/30105

External Source: SECUNIA

Name: 29560

Type: Advisory

Hyperlink:http://secunia.com/advisories/29560

External Source: SECUNIA

Name: 29391

Type: Advisory

Hyperlink:http://secunia.com/advisories/29391

External Source: REDHAT

Name: RHSA-2008:0208

Hyperlink:http://rhn.redhat.com/errata/RHSA-2008-0208.html

External Source: OVAL

Name: oval:org.mitre.oval:def:11078

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11078

External Source: XF

Name: mozilla-settimeout-code-execution(41443)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41443

External Source: UBUNTU

Name: USN-592-1

Hyperlink:http://www.ubuntu.com/usn/usn-592-1

External Source: SECTRACK

Name: 1019694

Hyperlink:http://www.securitytracker.com/id?1019694

External Source: BID

Name: 28448

Hyperlink:http://www.securityfocus.com/bid/28448

External Source: BUGTRAQ

Name: 20080327 rPSA-2008-0128-1 firefox

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/490196/100/0/threaded

External Source: REDHAT

Name: RHSA-2008:0209

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0209.html

External Source: REDHAT

Name: RHSA-2008:0207

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0207.html

External Source: MANDRIVA

Name: MDVSA-2008:080

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

External Source: DEBIAN

Name: DSA-1574

Hyperlink:http://www.debian.org/security/2008/dsa-1574

External Source: DEBIAN

Name: DSA-1535

Hyperlink:http://www.debian.org/security/2008/dsa-1535

External Source: DEBIAN

Name: DSA-1534

Hyperlink:http://www.debian.org/security/2008/dsa-1534

External Source: SECUNIA

Name: 30370

Hyperlink:http://secunia.com/advisories/30370

External Source: SECUNIA

Name: 30327

Hyperlink:http://secunia.com/advisories/30327

External Source: SECUNIA

Name: 30094

Hyperlink:http://secunia.com/advisories/30094

External Source: SECUNIA

Name: 30016

Hyperlink:http://secunia.com/advisories/30016

External Source: SECUNIA

Name: 29645

Hyperlink:http://secunia.com/advisories/29645

External Source: SECUNIA

Name: 29616

Hyperlink:http://secunia.com/advisories/29616

External Source: SECUNIA

Name: 29607

Hyperlink:http://secunia.com/advisories/29607

External Source: SECUNIA

Name: 29558

Hyperlink:http://secunia.com/advisories/29558

External Source: SECUNIA

Name: 29550

Hyperlink:http://secunia.com/advisories/29550

External Source: SECUNIA

Name: 29548

Hyperlink:http://secunia.com/advisories/29548

External Source: SECUNIA

Name: 29547

Hyperlink:http://secunia.com/advisories/29547

External Source: SECUNIA

Name: 29541

Hyperlink:http://secunia.com/advisories/29541

External Source: SECUNIA

Name: 29539

Hyperlink:http://secunia.com/advisories/29539

External Source: SECUNIA

Name: 29526

Hyperlink:http://secunia.com/advisories/29526

External Source: SLACKWARE

Name: SSA:2008-128-02

Hyperlink:http://marc.info/?l=slackware-security&m=121022465927874&w=2

External Source: SUSE

Name: SUSE-SA:2008:019

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

References to Check Content

Identifier:oval:org.mitre.oval:def:11078

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11078

Vulnerable software and versions

Configuration 1

* cpe:/a:mozilla:firefox:2.0.0.12 and previous versions

* cpe:/a:mozilla:seamonkey:1.1.8 and previous versions

* cpe:/a:mozilla:thunderbird:2.0.0.12 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Code Injection (CWE-94)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233