Executive Summary
Summary | |
---|---|
Title | firefox security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0222 | First vendor Publication | 2008-04-16 |
Vendor | RedHat | Last vendor Modification | 2008-04-16 |
Severity (Vendor) | Critical | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated firefox packages that fix a security bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Mozilla Firefox is an open source Web browser. A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1380) All Firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 440518 - CVE-2008-1380 Firefox JavaScript garbage collection crash |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0222.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10752 | |||
Oval ID: | oval:org.mitre.oval:def:10752 | ||
Title: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Description: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1380 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17739 | |||
Oval ID: | oval:org.mitre.oval:def:17739 | ||
Title: | USN-602-1 -- firefox vulnerabilities | ||
Description: | Flaws were discovered in Firefox which could lead to crashes during JavaScript garbage collection. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-602-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18288 | |||
Oval ID: | oval:org.mitre.oval:def:18288 | ||
Title: | DSA-1558-1 xulrunner - arbitrary code execution | ||
Description: | It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1558-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18644 | |||
Oval ID: | oval:org.mitre.oval:def:18644 | ||
Title: | DSA-1555-1 iceweasel - arbitrary code execution | ||
Description: | It was discovered that crashes in the Javascript engine of Iceweasel, an unbranded version of the Firefox browser, could potentially lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1555-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18703 | |||
Oval ID: | oval:org.mitre.oval:def:18703 | ||
Title: | DSA-1562-1 iceape - arbitrary code execution | ||
Description: | It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the Seamonkey internet suite could potentially lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1562-1 CVE-2008-1380 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21766 | |||
Oval ID: | oval:org.mitre.oval:def:21766 | ||
Title: | ELSA-2008:0222: firefox security update (Critical) | ||
Description: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0222-02 CVE-2008-1380 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21830 | |||
Oval ID: | oval:org.mitre.oval:def:21830 | ||
Title: | ELSA-2008:0224: thunderbird security update (Moderate) | ||
Description: | The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0224-01 CVE-2008-1380 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:110 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_110.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-602-1 File : nvt/gb_ubuntu_USN_602_1.nasl |
2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0224-01 File : nvt/gb_RHSA-2008_0224-01_thunderbird.nasl |
2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0223-02 File : nvt/gb_RHSA-2008_0223-02_seamonkey.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0222-02 File : nvt/gb_RHSA-2008_0222-02_firefox.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0222 centos4 x86_64 File : nvt/gb_CESA-2008_0222_firefox_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos4 x86_64 File : nvt/gb_CESA-2008_0223_seamonkey_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos4 i386 File : nvt/gb_CESA-2008_0223_seamonkey_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos3 x86_64 File : nvt/gb_CESA-2008_0223_seamonkey_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223 centos3 i386 File : nvt/gb_CESA-2008_0223_seamonkey_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0223-02 centos2 i386 File : nvt/gb_CESA-2008_0223-02_seamonkey_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0222 centos4 i386 File : nvt/gb_CESA-2008_0222_firefox_centos4_i386.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_firefox_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_devhelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_epiphany-extensions_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_epiphany_fc8.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_yelp_fc7.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_chmsee_fc8.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_Miro_fc8.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-3264 File : nvt/gb_fedora_2008_3264_seamonkey_fc8.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_galeon_fc7.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_galeon_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_gnome-python2-extras_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_gnome-web-photo_fc8.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_gtkmozembedmm_fc8.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_kazehakase_fc8.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_liferea_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_openvrml_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_ruby-gnome2_fc8.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-3283 File : nvt/gb_fedora_2008_3283_yelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_openvrml_fc7.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-3557 File : nvt/gb_fedora_2008_3557_thunderbird_fc8.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-3519 File : nvt/gb_fedora_2008_3519_thunderbird_fc7.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-3231 File : nvt/gb_fedora_2008_3231_seamonkey_fc7.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_Miro_fc7.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_chmsee_fc7.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_devhelp_fc7.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_epiphany-extensions_fc7.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_epiphany_fc7.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_firefox_fc7.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_gnome-python2-extras_fc7.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_gtkmozembedmm_fc7.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_kazehakase_fc7.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_liferea_fc7.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-3249 File : nvt/gb_fedora_2008_3249_ruby-gnome2_fc7.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1696-1 (icedove) File : nvt/deb_1696_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-03 (mozilla ...) File : nvt/glsa_200808_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-18 (mozilla ...) File : nvt/glsa_200805_18.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox33.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1562-1 (iceape) File : nvt/deb_1562_1.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1558-1 (xulrunner) File : nvt/deb_1558_1.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1555-1 (iceweasel) File : nvt/deb_1555_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-191-03 seamonkey File : nvt/esoft_slk_ssa_2008_191_03.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-108-01 mozilla-firefox File : nvt/esoft_slk_ssa_2008_108_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44467 | Mozilla Multiple Products Javascript Garbage Collector DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0224.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0223.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0222.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080416_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080416_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0224.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-110.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-03.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-191-03.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1110.nasl - Type : ACT_GATHER_INFO |
2008-06-09 | Name : The remote openSUSE host is missing a security update. File : suse_epiphany-5293.nasl - Type : ACT_GATHER_INFO |
2008-06-09 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5280.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-18.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3519.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3557.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1562.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5219.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5218.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0224.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_67bd39ba12b511ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1558.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3264.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-602-1.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1555.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3231.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-3283.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-3249.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0223.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0222.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-108-01.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0223.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0222.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Windows host contains a web browser that may allow arbitrary code ... File : mozilla_firefox_20014.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:34 |
|