CVE-2008-1235 — Improper Privilege Management in Mozilla Firefox

7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

19.1%

top 4.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedMar 27

Latest updateMay 1

Description

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox2.0.0.12+47

▶NVDmozilla/seamonkey1.1.8+18

▶NVDmozilla/thunderbird2.0.0.12+32

Patches

Patch: www.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-q8g5-v4fw-48fq: Unspecified vulnerability in Mozilla Firefox before 2↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation↗2009-03-23

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2008-05-06

▶

Ubuntu

Firefox vulnerabilities↗2008-03-26

▶

Red Hat

chrome privilege via wrong principal↗2008-03-25

▶

💬Community

Bugzilla

CVE-2008-1235 chrome privilege via wrong principal↗2008-03-24

▶