CVE-2008-4058
First published: Wed Sep 24 2008(Updated: )
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <2.0.0.17 | |
| Firefox | >=3.0<3.0.2 | |
| Mozilla SeaMonkey | <1.1.12 | |
| Thunderbird | <2.0.0.17 | |
| Debian Linux | =4.0 | |
| Ubuntu | =6.06 | |
| Ubuntu | =7.04 | |
| Ubuntu | =7.10 | |
| Ubuntu | =8.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://download.novell.com/Download?buildid=WZXONb-tqBw~
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
- http://secunia.com/advisories/31984
- http://secunia.com/advisories/31985
- http://secunia.com/advisories/31987
- http://secunia.com/advisories/32007
- http://secunia.com/advisories/32010
- http://secunia.com/advisories/32011
- http://secunia.com/advisories/32012
- http://secunia.com/advisories/32025
- http://secunia.com/advisories/32042
- http://secunia.com/advisories/32044
- http://secunia.com/advisories/32082
- http://secunia.com/advisories/32089
- http://secunia.com/advisories/32092
- http://secunia.com/advisories/32095
- http://secunia.com/advisories/32096
- http://secunia.com/advisories/32144
- http://secunia.com/advisories/32185
- http://secunia.com/advisories/32196
- http://secunia.com/advisories/32845
- http://secunia.com/advisories/33433
- http://secunia.com/advisories/33434
- http://secunia.com/advisories/34501
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.debian.org/security/2008/dsa-1649
- http://www.debian.org/security/2008/dsa-1669
- http://www.debian.org/security/2009/dsa-1696
- http://www.debian.org/security/2009/dsa-1697
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
- http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
- http://www.redhat.com/support/errata/RHSA-2008-0882.html
- http://www.redhat.com/support/errata/RHSA-2008-0908.html
- http://www.securityfocus.com/bid/31346
- http://www.securitytracker.com/id?1020915
- http://www.ubuntu.com/usn/usn-645-1
- http://www.ubuntu.com/usn/usn-645-2
- http://www.ubuntu.com/usn/usn-647-1
- http://www.vupen.com/english/advisories/2008/2661
- http://www.vupen.com/english/advisories/2009/0977
- https://bugzilla.mozilla.org/show_bug.cgi?id=444075
- https://bugzilla.mozilla.org/show_bug.cgi?id=444077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45349
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
Frequently Asked Questions
What is the severity of CVE-2008-4058?
CVE-2008-4058 has a high severity rating due to its ability to allow remote code execution with chrome privileges.
How do I fix CVE-2008-4058?
To fix CVE-2008-4058, users should upgrade to the latest version of affected software, such as Firefox 2.0.0.17, Thunderbird 2.0.0.17, or SeaMonkey 1.1.12.
What products are vulnerable to CVE-2008-4058?
CVE-2008-4058 affects Mozilla Firefox versions before 2.0.0.17 and 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12.
Can CVE-2008-4058 be exploited remotely?
Yes, CVE-2008-4058 can be exploited remotely, allowing attackers to execute arbitrary code.
Is CVE-2008-4058 still relevant today?
While CVE-2008-4058 was significant during its time, it is less relevant now due to the discontinuation of affected products and the availability of security updates.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/3.0
- canonical/mozilla seamonkey
- canonical/thunderbird
- vendor/debian
- canonical/debian linux
- version/debian linux/4.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/7.04
- version/ubuntu/7.10
- version/ubuntu/8.04