what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2008-0413

Status Candidate

Overview

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.

Related Files

Gentoo Linux Security Advisory 200805-18
Posted May 20, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-18 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.14 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4879, CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235
SHA-256 | 0be1f28cc28c33f9527f262fab77a030b56ac3b42790cbcd8cb8957fadd87d38
Debian Linux Security Advisory 1506-2
Posted Mar 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1506-2 - A regression has been fixed in iceape's frame handling code. Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | bc917c9a074c717bec02c4b74ae7fc0455b931a2e434ad745ae25f609e5fd350
Debian Linux Security Advisory 1485-2
Posted Mar 17, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1485-2 - A regression has been fixed in icedove's frame handling code. Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | a6d426ec079f7f75028eaf841b1e52475921b8783d245d90205ba780078153d0
Ubuntu Security Notice 582-2
Posted Mar 12, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 582-2 - USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-0420, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0304, CVE-2008-0418
SHA-256 | fab13e0223aabbf6ace0e2087124c53fee125106a1dea684d9fcfafa86b17a7e
Mandriva Linux Security Advisory 2008-062
Posted Mar 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.12.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0418, CVE-2008-0591
SHA-256 | 9ff0744156668166c4e03c21ca64c0864dd42bc9e497d903ea8be0be2de146f0
Ubuntu Security Notice 582-1
Posted Mar 3, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 582-1 - It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user's privileges. Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious message, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Gerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information.

tags | advisory, denial of service, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2008-0420, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0304, CVE-2008-0418
SHA-256 | 31cdcf9f6b4dbcf4037d4938a5ae251012454561f1854e5d8d3001e650377ca6
Debian Linux Security Advisory 1506-1
Posted Feb 25, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1506-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | 4d6770cb76971796c0c006804774e270cb0405f86c9beab21b4cd6b10e03f9e2
Mandriva Linux Security Advisory 2008-048
Posted Feb 23, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.12.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | 482bde078069b0f18326aa099ea41d73c4a617640b3a89f8d56895efe646567c
Debian Linux Security Advisory 1485-1
Posted Feb 11, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1485-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. These allow for arbitrary code execution, privilege escalation, and more.

tags | advisory, remote, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | 3e365dbba800b6a4e94ab3b87d1dd00796811c3c9dbbac66c1a4e7f09cdfe00b
Debian Linux Security Advisory 1484-1
Posted Feb 11, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1484-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. These allow for arbitrary code execution, privilege escalation, and more.

tags | advisory, remote, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | 76893811c4f62f4d878db38c6c63452a69841359f89e44634b5fbcb09b8b7296
Debian Linux Security Advisory 1489-1
Posted Feb 11, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1489-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. These include arbitrary code execution, privilege escalation, and directory traversal flaws.

tags | advisory, remote, web, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | 43e48acc32823c671aa5d0ce96fb6032885f942a876e0b4cc572d9328be2fee6
Ubuntu Security Notice 576-1
Posted Feb 8, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 576-1 - Code execution, cross site scripting, arbitrary upload, and a large amount of other vulnerabilities have been patched in Firefox.

tags | advisory, arbitrary, vulnerability, code execution, xss
systems | linux, ubuntu
advisories | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594
SHA-256 | 6e23fc127e8464927d11756844b98df4706dfdbbb98e8fae12e67bec66a1da4d
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close