Executive Summary
Summary | |
---|---|
Title | New xulrunner packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-1558 | First vendor Publication | 2008-04-24 |
Vendor | Debian | Last vendor Modification | 2008-04-24 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.8.0.15~pre080323b-0etch2. For the unstable distribution (sid), this problem has been fixed in version 1.8.1.14-1. We recommend that you upgrade your xulrunner packages. |
Original Source
Url : http://www.debian.org/security/2008/dsa-1558 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10752 | |||
Oval ID: | oval:org.mitre.oval:def:10752 | ||
Title: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Description: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1380 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17739 | |||
Oval ID: | oval:org.mitre.oval:def:17739 | ||
Title: | USN-602-1 -- firefox vulnerabilities | ||
Description: | Flaws were discovered in Firefox which could lead to crashes during JavaScript garbage collection. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-602-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18288 | |||
Oval ID: | oval:org.mitre.oval:def:18288 | ||
Title: | DSA-1558-1 xulrunner - arbitrary code execution | ||
Description: | It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1558-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18644 | |||
Oval ID: | oval:org.mitre.oval:def:18644 | ||
Title: | DSA-1555-1 iceweasel - arbitrary code execution | ||
Description: | It was discovered that crashes in the Javascript engine of Iceweasel, an unbranded version of the Firefox browser, could potentially lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1555-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18703 | |||
Oval ID: | oval:org.mitre.oval:def:18703 | ||
Title: | DSA-1562-1 iceape - arbitrary code execution | ||
Description: | It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the Seamonkey internet suite could potentially lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1562-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21766 | |||
Oval ID: | oval:org.mitre.oval:def:21766 | ||
Title: | ELSA-2008:0222: firefox security update (Critical) | ||
Description: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0222-02 CVE-2008-1380 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21830 | |||
Oval ID: | oval:org.mitre.oval:def:21830 | ||
Title: | ELSA-2008:0224: thunderbird security update (Moderate) | ||
Description: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0224-01 CVE-2008-1380 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:110 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_110.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-602-1 File : nvt/gb_ubuntu_USN_602_1.nasl |
2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0224-01 File : nvt/gb_RHSA-2008_0224-01_thunderbird.nasl |
2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0223-02 File : nvt/gb_RHSA-2008_0223-02_seamonkey.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0222-02 File : nvt/gb_RHSA-2008_0222-02_firefox.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0222 centos4 x86_64 File : nvt/gb_CESA-2008_0222_firefox_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos4 x86_64 File : nvt/gb_CESA-2008_0223_seamonkey_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos4 i386 File : nvt/gb_CESA-2008_0223_seamonkey_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos3 x86_64 File : nvt/gb_CESA-2008_0223_seamonkey_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos3 i386 File : nvt/gb_CESA-2008_0223_seamonkey_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223-02 centos2 i386 File : nvt/gb_CESA-2008_0223-02_seamonkey_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0222 centos4 i386 File : nvt/gb_CESA-2008_0222_firefox_centos4_i386.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_firefox_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_devhelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_epiphany-extensions_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_epiphany_fc8.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_yelp_fc7.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_chmsee_fc8.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_Miro_fc8.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-3264 File : nvt/gb_fedora_2008_3264_seamonkey_fc8.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_galeon_fc7.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_galeon_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_gnome-python2-extras_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_gnome-web-photo_fc8.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_gtkmozembedmm_fc8.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_kazehakase_fc8.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_liferea_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_openvrml_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_ruby-gnome2_fc8.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_yelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_openvrml_fc7.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-3557 File : nvt/gb_fedora_2008_3557_thunderbird_fc8.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-3519 File : nvt/gb_fedora_2008_3519_thunderbird_fc7.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-3231 File : nvt/gb_fedora_2008_3231_seamonkey_fc7.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_Miro_fc7.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_chmsee_fc7.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_devhelp_fc7.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_epiphany-extensions_fc7.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_epiphany_fc7.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_firefox_fc7.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_gnome-python2-extras_fc7.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_gtkmozembedmm_fc7.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_kazehakase_fc7.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_liferea_fc7.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_ruby-gnome2_fc7.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1696-1 (icedove) File : nvt/deb_1696_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-03 (mozilla ...) File : nvt/glsa_200808_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-18 (mozilla ...) File : nvt/glsa_200805_18.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox33.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1562-1 (iceape) File : nvt/deb_1562_1.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1558-1 (xulrunner) File : nvt/deb_1558_1.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1555-1 (iceweasel) File : nvt/deb_1555_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-191-03 seamonkey File : nvt/esoft_slk_ssa_2008_191_03.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-108-01 mozilla-firefox File : nvt/esoft_slk_ssa_2008_108_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44467 | Mozilla Multiple Products Javascript Garbage Collector DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0224.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0223.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0222.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080416_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080416_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0224.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-110.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-03.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-191-03.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1110.nasl - Type : ACT_GATHER_INFO |
2008-06-09 | Name : The remote openSUSE host is missing a security update. File : suse_epiphany-5293.nasl - Type : ACT_GATHER_INFO |
2008-06-09 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5280.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-18.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3519.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3557.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1562.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5219.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5218.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0224.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_67bd39ba12b511ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1558.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3264.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-602-1.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1555.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3231.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-3283.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-3249.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0223.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0222.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-108-01.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0223.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0222.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Windows host contains a web browser that may allow arbitrary code ... File : mozilla_firefox_20014.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:34 |
|