10
CVE-2008-5014
- EPSS 5.87%
- Veröffentlicht 13.11.2008 11:30:01
- Zuletzt bearbeitet 16.06.2026 22:58:57
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version >= 2.0 < 2.0.0.18
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version8.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.87% | 0.922 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/33433
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33434
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2009/0977
http://secunia.com/advisories/32845
http://www.debian.org/security/2008/dsa-1669
http://secunia.com/advisories/32011
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32714
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32853
http://ubuntu.com/usn/usn-667-1
http://www.debian.org/security/2008/dsa-1671
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securityfocus.com/bid/32281
http://www.vupen.com/english/advisories/2008/3146
http://secunia.com/advisories/32715
http://secunia.com/advisories/32798
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
http://www.redhat.com/support/errata/RHSA-2008-0976.html
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
http://www.securitytracker.com/id?1021182
https://bugzilla.mozilla.org/show_bug.cgi?id=436741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157