CVE-2008-1380

Severity

93%

Complexity

86%

Confidentiality

165%

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 16 years ago

2008-04-17 19:05:00

Last updated 6 years ago

2018-10-11 20:32:00

Affected Software

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

Mozilla Firefox 2.0.0.5

2.0.0.5

Mozilla Firefox 2.0.0.6

2.0.0.6

Mozilla Firefox 2.0.0.7

2.0.0.7

Mozilla Firefox 2.0.0.8

2.0.0.8

Mozilla Firefox 2.0.0.9

2.0.0.9

Mozilla Firefox 2.0.0.10

2.0.0.10

Mozilla Firefox 2.0.0.11

2.0.0.11

Mozilla Firefox 2.0.0.12

2.0.0.12

Mozilla Firefox

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla SeaMonkey 1.0.3

1.0.3

Mozilla SeaMonkey 1.0.4

1.0.4

Mozilla SeaMonkey 1.0.5

1.0.5

Mozilla SeaMonkey 1.0.6

1.0.6

Mozilla SeaMonkey 1.0.7

1.0.7

Mozilla SeaMonkey 1.0.8

1.0.8

Mozilla SeaMonkey 1.0.9

1.0.9

Mozilla SeaMonkey 1.1

1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey 1.1.8

1.1.8

Mozilla SeaMonkey

Mozilla Thunderbird 2.0.0.0

2.0.0.0

Mozilla Thunderbird 2.0.0.4

2.0.0.4

Mozilla Thunderbird 2.0.0.5

2.0.0.5

Mozilla Thunderbird 2.0.0.6

2.0.0.6

Mozilla Thunderbird 2.0.0.9

2.0.0.9

Mozilla Thunderbird 2.0.0.12

2.0.0.12

Mozilla Thunderbird

References

SUSE-SR:2008:011

29787

Patch, Vendor Advisory

29793

29828

29860

Vendor Advisory

29883

29908

29911

29912

29947

30012

30029

30192

30327

30620

30717

31023

31377

33434

GLSA-200808-03

SSA:2008-191-03

SSA:2008-108-01

238492

DSA-1555

DSA-1558

DSA-1562

DSA-1696

GLSA-200805-18

VU#441529

US Government Resource

MDVSA-2008:110

http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

SUSE-SR:2008:013

RHSA-2008:0222

RHSA-2008:0223

RHSA-2008:0224

20080508 FLEA-2008-0008-1 firefox

28818

1019873

USN-602-1

ADV-2008-1251

ADV-2008-1793

https://bugzilla.mozilla.org/show_bug.cgi?id=425576

mozilla-garbage-code-execution(41857)

oval:org.mitre.oval:def:10752

FEDORA-2008-3231

FEDORA-2008-3264

FEDORA-2008-3519

FEDORA-2008-3557

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.