CVE-2008-1233 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 2.0.0.12
mozilla	seamonkey	𝑥 ≤ 1.1.8
mozilla	thunderbird	𝑥 ≤ 2.0.0.12

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

intrepid	dne
hardy	Fixed 2.0.0.13+1nobinonly-0ubuntu1 released
gutsy	Fixed 2.0.0.13+1nobinonly-0ubuntu0.7.10 released
feisty	Fixed 2.0.0.13+0nobinonly-0ubuntu0.7.4 released
edgy	Fixed 2.0.0.13+0nobinonly-0ubuntu0.6.10 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1 released

iceape

intrepid	dne
hardy	dne
gutsy	ignored
feisty	dne
edgy	dne
dapper	dne

icedove

intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

iceweasel

intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

mozilla-thunderbird

intrepid	dne
hardy	dne
gutsy	dne
feisty	Fixed 1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1 released
edgy	ignored
dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1 released

seamonkey

intrepid	Fixed 1.1.9+nobinonly-0ubuntu1 released
hardy	Fixed 1.1.9+nobinonly-0ubuntu1 released
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

thunderbird

intrepid	Fixed 2.0.0.14+nobinonly-0ubuntu2 released
hardy	Fixed 2.0.0.14+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.14+nobinonly-0ubuntu0.7.10.0 released
feisty	dne
edgy	dne
dapper	dne

xulrunner

intrepid	Fixed 1.8.1.13+nobinonly-0ubuntu1 released
hardy	Fixed 1.8.1.13+nobinonly-0ubuntu1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
feisty	ignored
edgy	ignored
dapper	dne

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://secunia.com/advisories/29391

http://secunia.com/advisories/29526

http://secunia.com/advisories/29539

http://secunia.com/advisories/29541

http://secunia.com/advisories/29547

http://secunia.com/advisories/29548

http://secunia.com/advisories/29550

http://secunia.com/advisories/29558

http://secunia.com/advisories/29560

http://secunia.com/advisories/29607

http://secunia.com/advisories/29616

http://secunia.com/advisories/29645

http://secunia.com/advisories/30016

http://secunia.com/advisories/30094

http://secunia.com/advisories/30105

http://secunia.com/advisories/30192

http://secunia.com/advisories/30327

http://secunia.com/advisories/30370

http://secunia.com/advisories/30620

http://secunia.com/advisories/31043

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.debian.org/security/2008/dsa-1574

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.kb.cert.org/vuls/id/466521

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.mandriva.com/security/advisories?name=MDVSA-2008:155

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.securitytracker.com/id?1019694

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313

http://www.ubuntu.com/usn/usn-592-1

http://www.ubuntu.com/usn/usn-605-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.vupen.com/english/advisories/2008/0998/references

http://www.vupen.com/english/advisories/2008/0999/references

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/2091/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41443

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11078

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://rhn.redhat.com/errata/RHSA-2008-0208.html

http://secunia.com/advisories/29391

http://secunia.com/advisories/29526

http://secunia.com/advisories/29539

http://secunia.com/advisories/29541

http://secunia.com/advisories/29547

http://secunia.com/advisories/29548

http://secunia.com/advisories/29550

http://secunia.com/advisories/29558

http://secunia.com/advisories/29560

http://secunia.com/advisories/29607

http://secunia.com/advisories/29616

http://secunia.com/advisories/29645

http://secunia.com/advisories/30016

http://secunia.com/advisories/30094

http://secunia.com/advisories/30105

http://secunia.com/advisories/30192

http://secunia.com/advisories/30327

http://secunia.com/advisories/30370

http://secunia.com/advisories/30620

http://secunia.com/advisories/31043

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.debian.org/security/2008/dsa-1574

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.kb.cert.org/vuls/id/466521

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.mandriva.com/security/advisories?name=MDVSA-2008:155

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

http://www.redhat.com/support/errata/RHSA-2008-0207.html

http://www.redhat.com/support/errata/RHSA-2008-0209.html

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.securitytracker.com/id?1019694

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313

http://www.ubuntu.com/usn/usn-592-1

http://www.ubuntu.com/usn/usn-605-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.vupen.com/english/advisories/2008/0998/references

http://www.vupen.com/english/advisories/2008/0999/references

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/2091/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41443

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11078

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html