CVE-2008-0417 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Affected Products (NVD)

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 2.0.0.11

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1 released
edgy	Fixed 2.0.0.12+0nobinonly+2-0ubuntu0.6.10 released
feisty	Fixed 2.0.0.12+1nobinonly+2-0ubuntu0.7.4 released
gutsy	Fixed 2.0.0.12+2nobinonly+2-0ubuntu0.7.10 released
hardy	Fixed 2.0.0.12+2nobinonly+2-0ubuntu3 released
intrepid	dne

iceape

dapper	dne
edgy	dne
feisty	dne
gutsy	ignored
hardy	dne
intrepid	dne

iceweasel

dapper	dne
edgy	dne
feisty	dne
gutsy	dne
hardy	dne
intrepid	dne

seamonkey

dapper	dne
edgy	dne
feisty	dne
gutsy	dne
hardy	Fixed 1.1.9+nobinonly-0ubuntu1 released
intrepid	Fixed 1.1.9+nobinonly-0ubuntu1 released

xulrunner

dapper	dne
edgy	ignored
feisty	ignored
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
hardy	Fixed 1.8.1.13+nobinonly-0ubuntu1 released
intrepid	Fixed 1.8.1.13+nobinonly-0ubuntu1 released

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://browser.netscape.com/releasenotes/

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

http://secunia.com/advisories/28766

http://secunia.com/advisories/28818

http://secunia.com/advisories/28839

http://secunia.com/advisories/28864

http://secunia.com/advisories/28865

http://secunia.com/advisories/28877

http://secunia.com/advisories/28879

http://secunia.com/advisories/28924

http://secunia.com/advisories/28939

http://secunia.com/advisories/28958

http://secunia.com/advisories/29086

http://secunia.com/advisories/29567

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

http://wiki.rpath.com/Advisories:rPSA-2008-0051

http://www.debian.org/security/2008/dsa-1484

http://www.debian.org/security/2008/dsa-1485

http://www.debian.org/security/2008/dsa-1489

http://www.debian.org/security/2008/dsa-1506

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

http://www.mozilla.org/security/announce/2008/mfsa2008-04.html

http://www.redhat.com/support/errata/RHSA-2008-0103.html

http://www.redhat.com/support/errata/RHSA-2008-0104.html

http://www.securityfocus.com/archive/1/487826/100/0/threaded

http://www.securityfocus.com/archive/1/488002/100/0/threaded

http://www.securityfocus.com/bid/27683

http://www.securitytracker.com/id?1019334

http://www.ubuntu.com/usn/usn-576-1

http://www.vupen.com/english/advisories/2008/0453/references

http://www.vupen.com/english/advisories/2008/0627/references

http://www.vupen.com/english/advisories/2008/1793/references

https://bugzilla.mozilla.org/show_bug.cgi?id=394610

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11154

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

http://browser.netscape.com/releasenotes/

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

http://secunia.com/advisories/28766

http://secunia.com/advisories/28818

http://secunia.com/advisories/28839

http://secunia.com/advisories/28864

http://secunia.com/advisories/28865

http://secunia.com/advisories/28877

http://secunia.com/advisories/28879

http://secunia.com/advisories/28924

http://secunia.com/advisories/28939

http://secunia.com/advisories/28958

http://secunia.com/advisories/29086

http://secunia.com/advisories/29567

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

http://wiki.rpath.com/Advisories:rPSA-2008-0051

http://www.debian.org/security/2008/dsa-1484

http://www.debian.org/security/2008/dsa-1485

http://www.debian.org/security/2008/dsa-1489

http://www.debian.org/security/2008/dsa-1506

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

http://www.mozilla.org/security/announce/2008/mfsa2008-04.html

http://www.redhat.com/support/errata/RHSA-2008-0103.html

http://www.redhat.com/support/errata/RHSA-2008-0104.html

http://www.securityfocus.com/archive/1/487826/100/0/threaded

http://www.securityfocus.com/archive/1/488002/100/0/threaded

http://www.securityfocus.com/bid/27683

http://www.securitytracker.com/id?1019334

http://www.ubuntu.com/usn/usn-576-1

http://www.vupen.com/english/advisories/2008/0453/references

http://www.vupen.com/english/advisories/2008/0627/references

http://www.vupen.com/english/advisories/2008/1793/references

https://bugzilla.mozilla.org/show_bug.cgi?id=394610

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11154

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html