CVE-2008-4066 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
mozilla	firefox	2.0.0.14
mozilla	firefox	2.0.0.15
mozilla	firefox	2.0.0.16

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

natty	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
maverick	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
lucid	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
karmic	dne
jaunty	dne
intrepid	dne
hardy	Fixed 2.0.0.17+1nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.17+1nobinonly-0ubuntu0.7.10 released
feisty	Fixed 2.0.0.17+0nobinonly-0ubuntu0.7.4 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3 released

firefox-3.0

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 3.0.3+build1+nobinonly-0ubuntu1 released
intrepid	Fixed 3.0.3+build1+nobinonly-0ubuntu1 released
hardy	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
feisty	dne
dapper	dne

iceape

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	ignored
feisty	dne
dapper	dne

mozilla-thunderbird

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1 released
dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1 released

seamonkey

natty	Fixed 1.1.12+nobinonly-0ubuntu1 released
maverick	Fixed 1.1.12+nobinonly-0ubuntu1 released
lucid	Fixed 1.1.12+nobinonly-0ubuntu1 released
karmic	Fixed 1.1.12+nobinonly-0ubuntu1 released
jaunty	Fixed 1.1.12+nobinonly-0ubuntu1 released
intrepid	Fixed 1.1.12+nobinonly-0ubuntu1 released
hardy	Fixed 1.1.12+nobinonly-0ubuntu0.8.04.1 released
gutsy	dne
feisty	dne
dapper	dne

thunderbird

natty	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
maverick	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
lucid	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
karmic	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
jaunty	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
intrepid	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
hardy	Fixed 2.0.0.17+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.17+nobinonly-0ubuntu0.7.10.1 released
feisty	dne
dapper	dne

xulrunner

natty	dne
maverick	dne
lucid	dne
karmic	ignored
jaunty	ignored
intrepid	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
feisty	ignored
dapper	dne

xulrunner-1.9

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 1.9.0.3+build1+nobinonly-0ubuntu2 released
intrepid	Fixed 1.9.0.3+build1+nobinonly-0ubuntu2 released
hardy	Fixed 1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
feisty	dne
dapper	dne

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx

http://download.novell.com/Download?buildid=WZXONb-tqBw~

http://jvn.jp/en/jp/JVN96950482/index.html

http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

http://secunia.com/advisories/31984

http://secunia.com/advisories/31985

http://secunia.com/advisories/32007

http://secunia.com/advisories/32010

http://secunia.com/advisories/32012

http://secunia.com/advisories/32025

http://secunia.com/advisories/32042

http://secunia.com/advisories/32044

http://secunia.com/advisories/32082

http://secunia.com/advisories/32092

http://secunia.com/advisories/32144

http://secunia.com/advisories/32185

http://secunia.com/advisories/32196

http://secunia.com/advisories/32845

http://secunia.com/advisories/34501

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://www.debian.org/security/2008/dsa-1649

http://www.debian.org/security/2008/dsa-1669

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

http://www.mozilla.org/security/announce/2008/mfsa2008-43.html

http://www.redhat.com/support/errata/RHSA-2008-0882.html

http://www.redhat.com/support/errata/RHSA-2008-0908.html

http://www.securityfocus.com/bid/31346

http://www.securitytracker.com/id?1020920

http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/

http://www.ubuntu.com/usn/usn-645-1

http://www.ubuntu.com/usn/usn-645-2

http://www.ubuntu.com/usn/usn-647-1

http://www.vupen.com/english/advisories/2008/2661

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=448166

https://exchange.xforce.ibmcloud.com/vulnerabilities/45358

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx

http://download.novell.com/Download?buildid=WZXONb-tqBw~

http://jvn.jp/en/jp/JVN96950482/index.html

http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

http://secunia.com/advisories/31984

http://secunia.com/advisories/31985

http://secunia.com/advisories/32007

http://secunia.com/advisories/32010

http://secunia.com/advisories/32012

http://secunia.com/advisories/32025

http://secunia.com/advisories/32042

http://secunia.com/advisories/32044

http://secunia.com/advisories/32082

http://secunia.com/advisories/32092

http://secunia.com/advisories/32144

http://secunia.com/advisories/32185

http://secunia.com/advisories/32196

http://secunia.com/advisories/32845

http://secunia.com/advisories/34501

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://www.debian.org/security/2008/dsa-1649

http://www.debian.org/security/2008/dsa-1669

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

http://www.mozilla.org/security/announce/2008/mfsa2008-43.html

http://www.redhat.com/support/errata/RHSA-2008-0882.html

http://www.redhat.com/support/errata/RHSA-2008-0908.html

http://www.securityfocus.com/bid/31346

http://www.securitytracker.com/id?1020920

http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/

http://www.ubuntu.com/usn/usn-645-1

http://www.ubuntu.com/usn/usn-645-2

http://www.ubuntu.com/usn/usn-647-1

http://www.vupen.com/english/advisories/2008/2661

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=448166

https://exchange.xforce.ibmcloud.com/vulnerabilities/45358

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html