CVE-2008-2798
published 2008-07-07CVE-2008-2798: Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers…
PriorityP340critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
13.95%
96.1th percentile
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 2.0.0.14 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | <= 1.1.9 | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | thunderbird | <= 2.0.0.14 | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
vendor_ubuntu10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2008-07-25·CVSS 10.0
CVE-2008-2785 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
Various flaws were discovered in the browser engine. If a user had
Javascript enabled and were tricked into opening a malicious web
page, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program. (CVE-2008-2798, CVE-2008-2799)
It was discovered that Thunderbird would allow non-privileged XUL
documents to load chrome scripts from the fastload file if Javascript
was enabled. This could allow an attacker to execute arbitrary
Javascript code with chrome privileges. (CVE-2008-2802)
A flaw was discovered in Thunderbird that allowed overwriting trusted
objects via mozIJSSubScriptLoader.loadSubScript(). If a user had
Javascrip
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2008-07-02·CVSS 10.0
CVE-2008-2798 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
Various flaws were discovered in the browser engine. By tricking
a user into opening a malicious web page, an attacker could cause
a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the
program. (CVE-2008-2798, CVE-2008-2799)
Several problems were discovered in the JavaScript engine. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-2800)
Collin Jackson discovered various flaws in the JavaScript engine
which allowed JavaScript to be injected into signed JAR files. If
a user were tricked into opening malicious web content, an
attacker may be able to execute arbitrary code with the pri
Red Hat
Firefox malformed web content flaws
vendor_redhat·2008-07-01·CVSS 10.0
CVE-2008-2798 [CRITICAL] Firefox malformed web content flaws
Firefox malformed web content flaws
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
GHSA
GHSA-x8h2-3299-96fr: Multiple unspecified vulnerabilities in Mozilla Firefox before 2
ghsa_unreviewed·2022-05-01
CVE-2008-2798 [HIGH] GHSA-x8h2-3299-96fr: Multiple unspecified vulnerabilities in Mozilla Firefox before 2
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2008-0616.htmlhttp://secunia.com/advisories/30878http://secunia.com/advisories/30898http://secunia.com/advisories/30903http://secunia.com/advisories/30911http://secunia.com/advisories/30915http://secunia.com/advisories/30949http://secunia.com/advisories/31005http://secunia.com/advisories/31008http://secunia.com/advisories/31021http://secunia.com/advisories/31023http://secunia.com/advisories/31069http://secunia.com/advisories/31076http://secunia.com/advisories/31183http://secunia.com/advisories/31195http://secunia.com/advisories/31220http://secunia.com/advisories/31253http://secunia.com/advisories/31286http://secunia.com/advisories/31377http://secunia.com/advisories/31403http://secunia.com/advisories/33433http://security.gentoo.org/glsa/glsa-200808-03.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484http://wiki.rpath.com/Advisories:rPSA-2008-0216http://www.debian.org/security/2008/dsa-1607http://www.debian.org/security/2008/dsa-1615http://www.debian.org/security/2008/dsa-1621http://www.debian.org/security/2009/dsa-1697http://www.mandriva.com/security/advisories?name=MDVSA-2008:136http://www.mandriva.com/security/advisories?name=MDVSA-2008:155http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15http://www.mozilla.org/security/announce/2008/mfsa2008-21.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0547.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0549.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0569.htmlhttp://www.securityfocus.com/archive/1/494080/100/0/threadedhttp://www.securityfocus.com/bid/30038http://www.securitytracker.com/id?1020419http://www.ubuntu.com/usn/usn-619-1http://www.ubuntu.com/usn/usn-629-1http://www.vupen.com/english/advisories/2008/1993/referenceshttps://bugzilla.mozilla.org/show_bug.cgi?id=378027https://bugzilla.mozilla.org/show_bug.cgi?id=391178https://bugzilla.mozilla.org/show_bug.cgi?id=430814https://issues.rpath.com/browse/RPL-2646https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10087https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2008-0616.htmlhttp://secunia.com/advisories/30878http://secunia.com/advisories/30898http://secunia.com/advisories/30903http://secunia.com/advisories/30911http://secunia.com/advisories/30915http://secunia.com/advisories/30949http://secunia.com/advisories/31005http://secunia.com/advisories/31008http://secunia.com/advisories/31021http://secunia.com/advisories/31023http://secunia.com/advisories/31069http://secunia.com/advisories/31076http://secunia.com/advisories/31183http://secunia.com/advisories/31195http://secunia.com/advisories/31220http://secunia.com/advisories/31253http://secunia.com/advisories/31286http://secunia.com/advisories/31377http://secunia.com/advisories/31403http://secunia.com/advisories/33433http://security.gentoo.org/glsa/glsa-200808-03.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484http://wiki.rpath.com/Advisories:rPSA-2008-0216http://www.debian.org/security/2008/dsa-1607http://www.debian.org/security/2008/dsa-1615http://www.debian.org/security/2008/dsa-1621http://www.debian.org/security/2009/dsa-1697http://www.mandriva.com/security/advisories?name=MDVSA-2008:136http://www.mandriva.com/security/advisories?name=MDVSA-2008:155http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15http://www.mozilla.org/security/announce/2008/mfsa2008-21.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0547.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0549.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0569.htmlhttp://www.securityfocus.com/archive/1/494080/100/0/threadedhttp://www.securityfocus.com/bid/30038http://www.securitytracker.com/id?1020419http://www.ubuntu.com/usn/usn-619-1http://www.ubuntu.com/usn/usn-629-1http://www.vupen.com/english/advisories/2008/1993/referenceshttps://bugzilla.mozilla.org/show_bug.cgi?id=378027https://bugzilla.mozilla.org/show_bug.cgi?id=391178
+ 8 more references
2008-07-07
Published