CVE-2008-1233 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection6 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

19.9%

top 4.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedMar 27

Latest updateMay 1

Description

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox2.0.0.12

▶NVDmozilla/seamonkey1.1.8

▶NVDmozilla/thunderbird2.0.0.12

🔴Vulnerability Details

GHSA

GHSA-5rxf-q5vv-56x5: Unspecified vulnerability in Mozilla Firefox before 2↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2008-05-06

▶

Ubuntu

Firefox vulnerabilities↗2008-03-26

▶

Red Hat

Mozilla products XPCNativeWrapper pollution↗2008-03-25

▶

💬Community

Bugzilla

CVE-2008-1233 Mozilla products XPCNativeWrapper pollution↗2008-03-24

▶