CVE-2008-1235

Description

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

9.3

CVSS

Severity: Critical

CVSS 2.0 •

EPSS 19.12% Top 5%

Vendor Advisory debian.org Vendor Advisory sun.com Vendor Advisory ubuntu.com Vendor Advisory ubuntu.com Vendor Advisory sun.com Vendor Advisory mandriva.com Vendor Advisory debian.org Vendor Advisory redhat.com Vendor Advisory opensuse.org Vendor Advisory slackware.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory debian.org Vendor Advisory redhat.com Vendor Advisory gentoo.org Vendor Advisory redhat.com Vendor Advisory debian.org Vendor Advisory mandriva.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory mozilla.org Vendor Advisory vupen.com Vendor Advisory vupen.com Vendor Advisory vupen.com

Affected: n/a n/a

References

Link	Tags
http://www.securityfocus.com/archive/1/490196/100/0/threaded	mailing list
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980	vdb entry signature
http://secunia.com/advisories/29541	third party advisory vendor advisory
http://secunia.com/advisories/29539	third party advisory vendor advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html	patch vendor advisory
http://www.vupen.com/english/advisories/2008/0999/references	vdb entry vendor advisory
http://secunia.com/advisories/30620	third party advisory vendor advisory
http://secunia.com/advisories/29560	third party advisory vendor advisory
http://www.debian.org/security/2008/dsa-1532	vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41457	vdb entry
http://secunia.com/advisories/30327	third party advisory vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1	vendor advisory
http://www.ubuntu.com/usn/usn-592-1	vendor advisory
http://secunia.com/advisories/29616	third party advisory vendor advisory
http://www.securitytracker.com/id?1019694	vdb entry
http://secunia.com/advisories/29550	third party advisory vendor advisory
http://secunia.com/advisories/29645	third party advisory vendor advisory
http://www.ubuntu.com/usn/usn-605-1	vendor advisory
http://secunia.com/advisories/29607	third party advisory vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1	vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155	vendor advisory
http://www.vupen.com/english/advisories/2008/1793/references	vdb entry vendor advisory
http://www.debian.org/security/2008/dsa-1574	vendor advisory
http://secunia.com/advisories/29558	third party advisory vendor advisory
http://secunia.com/advisories/29548	third party advisory vendor advisory
http://secunia.com/advisories/30370	third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2008-0208.html	vendor advisory
http://secunia.com/advisories/29526	third party advisory vendor advisory
http://www.vupen.com/english/advisories/2008/2091/references	vdb entry
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html	vendor advisory
http://www.us-cert.gov/cas/techalerts/TA08-087A.html	third party advisory us government resource
http://secunia.com/advisories/29391	third party advisory vendor advisory
http://secunia.com/advisories/30192	third party advisory vendor advisory
http://www.kb.cert.org/vuls/id/466521	third party advisory us government resource
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313	vendor advisory
http://www.redhat.com/support/errata/RHSA-2008-0209.html	vendor advisory
http://www.securityfocus.com/bid/28448	vdb entry
http://www.redhat.com/support/errata/RHSA-2008-0207.html	vendor advisory
http://secunia.com/advisories/30016	third party advisory vendor advisory
http://www.debian.org/security/2008/dsa-1534	vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html	vendor advisory
http://secunia.com/advisories/29547	third party advisory vendor advisory
http://secunia.com/advisories/30105	third party advisory vendor advisory
http://secunia.com/advisories/30094	third party advisory vendor advisory
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml	vendor advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
http://secunia.com/advisories/31043	third party advisory vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html	vendor advisory
http://www.vupen.com/english/advisories/2008/0998/references	vdb entry vendor advisory
http://www.debian.org/security/2008/dsa-1535	vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2008-1235?: CVE-2008-1235 has been scored as a critical severity vulnerability.
How to fix CVE-2008-1235?: To fix CVE-2008-1235, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2008-1235 being actively exploited in the wild?: It is possible that CVE-2008-1235 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~19% probability that this vulnerability will be exploited by malicious actors in the next 30 days.