CVE-2008-1235
First published: Thu Mar 27 2008(Updated: )
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <=2.0.0.12 | |
| Firefox | =0.1 | |
| Thunderbird | =1.5.0.7 | |
| Thunderbird | =0.6 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Firefox | =0.8 | |
| Thunderbird | =2.0.0.4 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Thunderbird | =2.0.0.6 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Firefox | =1.5.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Thunderbird | =0.3 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Firefox | =2.0.0.2 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.3 | |
| Thunderbird | =0.2 | |
| Mozilla SeaMonkey | =1.0 | |
| Thunderbird | =1.0.7 | |
| Firefox | =1.5.0.11 | |
| Thunderbird | =2.0.0.9 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Firefox | =1.0.2 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Thunderbird | <=2.0.0.12 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Firefox | =1.5 | |
| Firefox | =0.9.1 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.5 | |
| Firefox | =1.0.4 | |
| Firefox | =2.0.0.7 | |
| Firefox | =1.0.7 | |
| Mozilla SeaMonkey | =1.1 | |
| Firefox | =2.0.0.9 | |
| Thunderbird | =1.0 | |
| Firefox | =0.9 | |
| Firefox | =0.7 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Firefox | =0.2 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =2.0.0.0 | |
| Thunderbird | =1.5.0.13 | |
| Firefox | =1.0 | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Firefox | =1.5.0.7 | |
| Firefox | =2.0 | |
| Thunderbird | =1.5 | |
| Firefox | =1.0.1 | |
| Thunderbird | =1.5.0.2 | |
| Firefox | =0.6 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Firefox | =0.7.1 | |
| Thunderbird | =1.5.0.8 | |
| Firefox | =1.5.0.8 | |
| Thunderbird | =0.5 | |
| Thunderbird | =1.0.4 | |
| Firefox | =2.0.0.3 | |
| Firefox | =1.5.0.9 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.0.12 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =0.9 | |
| Firefox | =2.0.0.6 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Thunderbird | =1.5.0.12 | |
| Firefox | =2.0.0.11 | |
| Firefox | =1.5.0.2 | |
| Firefox | =1.0.3 | |
| Firefox | =2.0.0.4 | |
| Firefox | =0.5 | |
| Firefox | =0.6.1 | |
| Firefox | =0.9.3 | |
| Thunderbird | =0.4 | |
| Thunderbird | =0.7 | |
| Thunderbird | =1.5.0.14 | |
| Firefox | =2.0.0.1 | |
| Thunderbird | =1.0.6 | |
| Thunderbird | =2.0.0.5 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Firefox | =0.9.2 | |
| Firefox | =1.0-preview_release | |
| Firefox | =2.0.0.8 | |
| Thunderbird | =1.0.8 | |
| Mozilla SeaMonkey | <=1.1.8 | |
| Thunderbird | =0.1 | |
| Firefox | =0.4 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =0.8 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Firefox | =1.0.5 | |
| Firefox | =2.0.0.5 | |
| Firefox | =2.0.0.10 | |
| Firefox | =1.0.6 | |
| Thunderbird | =1.5.0.4 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Firefox | =1.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
- http://www.debian.org/security/2008/dsa-1532
- http://rhn.redhat.com/errata/RHSA-2008-0208.html
- http://secunia.com/advisories/29391
- http://secunia.com/advisories/29560
- http://www.debian.org/security/2008/dsa-1534
- http://www.debian.org/security/2008/dsa-1535
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
- http://www.redhat.com/support/errata/RHSA-2008-0207.html
- http://www.ubuntu.com/usn/usn-592-1
- http://www.us-cert.gov/cas/techalerts/TA08-087A.html
- http://www.kb.cert.org/vuls/id/466521
- http://www.securityfocus.com/bid/28448
- http://www.securitytracker.com/id?1019694
- http://secunia.com/advisories/29548
- http://secunia.com/advisories/29550
- http://secunia.com/advisories/29539
- http://secunia.com/advisories/29558
- http://secunia.com/advisories/29616
- http://secunia.com/advisories/29526
- http://secunia.com/advisories/29541
- http://secunia.com/advisories/29547
- http://www.redhat.com/support/errata/RHSA-2008-0209.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
- http://secunia.com/advisories/29645
- http://secunia.com/advisories/29607
- http://www.debian.org/security/2008/dsa-1574
- http://secunia.com/advisories/30016
- http://secunia.com/advisories/30094
- http://secunia.com/advisories/30327
- http://secunia.com/advisories/30370
- http://secunia.com/advisories/31043
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
- http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
- http://secunia.com/advisories/30192
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
- http://secunia.com/advisories/30620
- http://www.ubuntu.com/usn/usn-605-1
- http://secunia.com/advisories/30105
- http://www.vupen.com/english/advisories/2008/0998/references
- http://www.vupen.com/english/advisories/2008/0999/references
- http://www.vupen.com/english/advisories/2008/1793/references
- http://www.vupen.com/english/advisories/2008/2091/references
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41457
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980
- http://www.securityfocus.com/archive/1/490196/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-1235?
CVE-2008-1235 has a high severity level due to the potential for remote code execution.
How do I fix CVE-2008-1235?
To fix CVE-2008-1235, update to Mozilla Firefox version 2.0.0.13 or later, Thunderbird version 2.0.0.13 or later, or SeaMonkey version 1.1.9 or later.
What type of vulnerability is CVE-2008-1235?
CVE-2008-1235 is a privilege escalation vulnerability that allows execution of arbitrary code.
Which applications are affected by CVE-2008-1235?
CVE-2008-1235 affects Mozilla Firefox, Thunderbird, and SeaMonkey versions prior to their respective patched releases.
When was CVE-2008-1235 disclosed?
CVE-2008-1235 was publicly disclosed in March 2008.
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/2.0.0.12
- version/firefox/0.1
- canonical/thunderbird
- version/thunderbird/1.5.0.7
- version/thunderbird/0.6
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.3
- version/firefox/0.8
- version/thunderbird/2.0.0.4
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/thunderbird/2.0.0.6
- version/mozilla seamonkey/1.0.6
- version/firefox/1.5.0.6
- version/mozilla seamonkey/1.0.9
- version/thunderbird/0.3
- version/mozilla seamonkey/1.1.3
- version/firefox/2.0.0.2
- version/firefox/1.5.0.10
- version/firefox/1.5.0.3
- version/thunderbird/0.2
- version/mozilla seamonkey/1.0
- version/thunderbird/1.0.7
- version/firefox/1.5.0.11
- version/thunderbird/2.0.0.9
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/1.0.7
- version/firefox/1.0.2
- version/mozilla seamonkey/1.0-beta
- version/mozilla seamonkey/1.1-alpha
- version/thunderbird/2.0.0.12
- version/mozilla seamonkey/1.0-alpha
- version/firefox/1.5
- version/firefox/0.9.1
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.5
- version/firefox/1.0.4
- version/firefox/2.0.0.7
- version/firefox/1.0.7
- version/mozilla seamonkey/1.1
- version/firefox/2.0.0.9
- version/thunderbird/1.0
- version/firefox/0.9
- version/firefox/0.7
- version/mozilla seamonkey/1.1.2
- version/firefox/0.2
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/thunderbird/1.0.2
- version/thunderbird/2.0.0.0
- version/thunderbird/1.5.0.13
- version/firefox/1.0
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/firefox/1.5.0.7
- version/firefox/2.0
- version/thunderbird/1.5
- version/firefox/1.0.1
- version/thunderbird/1.5.0.2
- version/firefox/0.6
- version/mozilla seamonkey/1.0.5
- version/firefox/0.7.1
- version/thunderbird/1.5.0.8
- version/firefox/1.5.0.8
- version/thunderbird/0.5
- version/thunderbird/1.0.4
- version/firefox/2.0.0.3
- version/firefox/1.5.0.9
- version/firefox/1.5.0.5
- version/firefox/1.5.0.12
- version/thunderbird/1.5.0.9
- version/thunderbird/0.9
- version/firefox/2.0.0.6
- version/mozilla seamonkey/1.1.6
- version/thunderbird/1.5.0.12
- version/firefox/2.0.0.11
- version/firefox/1.5.0.2
- version/firefox/1.0.3
- version/firefox/2.0.0.4
- version/firefox/0.5
- version/firefox/0.6.1
- version/firefox/0.9.3
- version/thunderbird/0.4
- version/thunderbird/0.7
- version/thunderbird/1.5.0.14
- version/firefox/2.0.0.1
- version/thunderbird/1.0.6
- version/thunderbird/2.0.0.5
- version/mozilla seamonkey/1.0.4
- version/firefox/0.9.2
- version/firefox/1.0-preview_release
- version/firefox/2.0.0.8
- version/thunderbird/1.0.8
- version/mozilla seamonkey/1.1.8
- version/thunderbird/0.1
- version/firefox/0.4
- version/thunderbird/1.0.5
- version/thunderbird/0.8
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/firefox/1.0.5
- version/firefox/2.0.0.5
- version/firefox/2.0.0.10
- version/firefox/1.0.6
- version/thunderbird/1.5.0.4
- version/mozilla seamonkey/1.1.4
- version/firefox/1.0.8