CVE-2008-1235

Severity

93%

Complexity

86%

Confidentiality

165%

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 16 years ago

2008-03-27 10:44:00

Last updated 6 years ago

2018-10-11 20:30:00

Affected Software

Mozilla Firefox 0.1

0.1

Mozilla Firefox 0.2

0.2

Mozilla Firefox 0.4

0.4

Mozilla Firefox 0.5

0.5

Mozilla Firefox 0.6

0.6

Mozilla Firefox 0.6.1

0.6.1

Mozilla Firefox 0.7

0.7

Mozilla Firefox 0.7.1

0.7.1

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9

0.9

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Firefox 1.0

1.0

Mozilla Firefox 1.0 Preview Release

1.0

Mozilla Firefox 1.0.1

1.0.1

Mozilla Firefox 1.0.2

1.0.2

Mozilla Firefox 1.0.3

1.0.3

Mozilla Firefox 1.0.4

1.0.4

Mozilla Firefox 1.0.5

1.0.5

Mozilla Firefox 1.0.6

1.0.6

Mozilla Firefox 1.0.7

1.0.7

Mozilla Firefox 1.0.8

1.0.8

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Firefox 1.5.0.4

1.5.0.4

Mozilla Firefox 1.5.0.5

1.5.0.5

Mozilla Firefox 1.5.0.6

1.5.0.6

Mozilla Firefox 1.5.0.7

1.5.0.7

Mozilla Firefox 1.5.0.8

1.5.0.8

Mozilla Firefox 1.5.0.9

1.5.0.9

Mozilla Firefox 1.5.0.10

1.5.0.10

Mozilla Firefox 1.5.0.11

1.5.0.11

Mozilla Firefox 1.5.0.12

1.5.0.12

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

Mozilla Firefox 2.0.0.5

2.0.0.5

Mozilla Firefox 2.0.0.6

2.0.0.6

Mozilla Firefox 2.0.0.7

2.0.0.7

Mozilla Firefox 2.0.0.8

2.0.0.8

Mozilla Firefox 2.0.0.9

2.0.0.9

Mozilla Firefox 2.0.0.10

2.0.0.10

Mozilla Firefox 2.0.0.11

2.0.0.11

Mozilla Firefox

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0 alpha

1.0

Mozilla SeaMonkey 1.0 beta

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla SeaMonkey 1.0.3

1.0.3

Mozilla SeaMonkey 1.0.4

1.0.4

Mozilla SeaMonkey 1.0.5

1.0.5

Mozilla SeaMonkey 1.0.6

1.0.6

Mozilla SeaMonkey 1.0.7

1.0.7

Mozilla SeaMonkey 1.0.8

1.0.8

Mozilla SeaMonkey 1.0.9

1.0.9

Mozilla SeaMonkey 1.1

1.1

Mozilla SeaMonkey 1.1 alpha

1.1

Mozilla SeaMonkey 1.1 beta

1.1

Mozilla Seamonkey 1.1.1

1.1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey

Mozilla Thunderbird 0.1

0.1

Mozilla Thunderbird 0.2

0.2

Mozilla Thunderbird 0.3

0.3

Mozilla Thunderbird 0.4

0.4

Mozilla Thunderbird 0.5

0.5

Mozilla Thunderbird 0.6

0.6

Mozilla Thunderbird 0.7

0.7

Mozilla Thunderbird 0.8

0.8

Mozilla Thunderbird 0.9

0.9

Mozilla Thunderbird 1.0

1.0

Mozilla Thunderbird 1.0.2

1.0.2

Mozilla Thunderbird 1.0.5

1.0.5

Mozilla Thunderbird 1.0.6

1.0.6

Mozilla Thunderbird 1.0.7

1.0.7

Mozilla Thunderbird 1.0.8

1.0.8

Mozilla Thunderbird 1.5

1.5

Mozilla Thunderbird 1.5.0.2

1.5.0.2

Mozilla Thunderbird 1.5.0.4

1.5.0.4

Mozilla Thunderbird 1.5.0.5

1.5.0.5

Mozilla Thunderbird 1.5.0.7

1.5.0.7

Mozilla Thunderbird 1.5.0.8

1.5.0.8

Mozilla Thunderbird 1.5.0.9

1.5.0.9

Mozilla Thunderbird 1.5.0.10

1.5.0.10

Mozilla Thunderbird 1.5.0.12

1.5.0.12

Mozilla Thunderbird 1.5.0.13

1.5.0.13

Mozilla Thunderbird 1.5.0.14

1.5.0.14

Mozilla Thunderbird 2.0.0.0

2.0.0.0

Mozilla Thunderbird 2.0.0.4

2.0.0.4

Mozilla Thunderbird 2.0.0.5

2.0.0.5

Mozilla Thunderbird 2.0.0.6

2.0.0.6

Mozilla Thunderbird 2.0.0.9

2.0.0.9

Mozilla Thunderbird

References

SUSE-SA:2008:019

RHSA-2008:0208

29391

Vendor Advisory

29526

Vendor Advisory

29539

Vendor Advisory

29541

Vendor Advisory

29547

Vendor Advisory

29548

Vendor Advisory

29550

Vendor Advisory

29558

Vendor Advisory

29560

Vendor Advisory

29607

Vendor Advisory

29616

Vendor Advisory

29645

Vendor Advisory

30016

Vendor Advisory

30094

Vendor Advisory

30105

Vendor Advisory

30192

Vendor Advisory

30327

Vendor Advisory

30370

Vendor Advisory

30620

Vendor Advisory

31043

Vendor Advisory

238492

239546

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

DSA-1532

DSA-1534

DSA-1535

DSA-1574

GLSA-200805-18

VU#466521

US Government Resource

MDVSA-2008:080

MDVSA-2008:155

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

Patch, Vendor Advisory

RHSA-2008:0207

RHSA-2008:0209

20080327 rPSA-2008-0128-1 firefox

28448

1019694

SSA:2008-128-02

USN-592-1

USN-605-1

TA08-087A

US Government Resource

ADV-2008-0998

Vendor Advisory

ADV-2008-0999

Vendor Advisory

ADV-2008-1793

Vendor Advisory

ADV-2008-2091

mozilla-principal-code-execution(41457)

oval:org.mitre.oval:def:10980

FEDORA-2008-3519

FEDORA-2008-3557

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.