Vulnerability Name:

CVE-2008-0413 (CCN-40363)

Assigned:2008-02-07
Published:2008-02-07
Updated:2018-10-15
Summary:The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Netscape Web site
Release Notes: What's New in Netscape Navigator 9.0.0.6

Source: CONFIRM
Type: UNKNOWN
http://browser.netscape.com/releasenotes/

Source: MITRE
Type: CNA
CVE-2008-0413

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:008

Source: CCN
Type: RHSA-2008-0103
Critical: firefox security update

Source: CCN
Type: RHSA-2008-0104
Critical: seamonkey security update

Source: CCN
Type: RHSA-2008-0105
Moderate: thunderbird security update

Source: SECUNIA
Type: UNKNOWN
28754

Source: CCN
Type: SA28758
Mozilla Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28758

Source: SECUNIA
Type: UNKNOWN
28766

Source: CCN
Type: SA28808
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28808

Source: CCN
Type: SA28815
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28815

Source: SECUNIA
Type: UNKNOWN
28818

Source: SECUNIA
Type: UNKNOWN
28839

Source: SECUNIA
Type: UNKNOWN
28864

Source: SECUNIA
Type: UNKNOWN
28865

Source: SECUNIA
Type: UNKNOWN
28877

Source: SECUNIA
Type: UNKNOWN
28879

Source: SECUNIA
Type: UNKNOWN
28924

Source: SECUNIA
Type: UNKNOWN
28939

Source: SECUNIA
Type: UNKNOWN
28958

Source: CCN
Type: SA29049
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29049

Source: SECUNIA
Type: UNKNOWN
29086

Source: SECUNIA
Type: UNKNOWN
29098

Source: SECUNIA
Type: UNKNOWN
29164

Source: SECUNIA
Type: UNKNOWN
29167

Source: SECUNIA
Type: UNKNOWN
29211

Source: SECUNIA
Type: UNKNOWN
30327

Source: CCN
Type: SA30620
Sun Solaris Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30620

Source: CCN
Type: SA31043
Sun Solaris Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31043

Source: CCN
Type: SECTRACK ID: 1019321
Mozilla Firefox Bugs in JavaScript Engine Let Remote Users Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2008-061-01

Source: SUNALERT
Type: UNKNOWN
238492

Source: SUNALERT
Type: UNKNOWN
239546

Source: CCN
Type: Sun Alert ID: 238492
Multiple Security Vulnerabilities in Solaris 10 Firefox may Allow Execution of Arbitrary Code and Access to Unauthorized Data

Source: CCN
Type: Sun Alert ID: 239546
Security Vulnerabilities in Thunderbird for Solaris May Result in Privilege Escalation or Cross-Site Scripting (XSS)

Source: CCN
Type: ASA-2008-058
thunderbird security update (RHSA-2008-0105)

Source: CCN
Type: ASA-2008-059
firefox security update (RHSA-2008-0103)

Source: CCN
Type: ASA-2008-101
seamonkey security update (RHSA-2008-0104)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2008-0051

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2008-0093

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

Source: DEBIAN
Type: UNKNOWN
DSA-1484

Source: DEBIAN
Type: UNKNOWN
DSA-1485

Source: DEBIAN
Type: UNKNOWN
DSA-1489

Source: DEBIAN
Type: UNKNOWN
DSA-1506

Source: DEBIAN
Type: DSA-1484
xulrunner -- several vulnerabilities

Source: DEBIAN
Type: DSA-1485
icedove -- several vulnerabilities

Source: DEBIAN
Type: DSA-1489
iceweasel -- several vulnerabilities

Source: DEBIAN
Type: DSA-1506
iceape -- several vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200805-18

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:048

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:062

Source: CCN
Type: MFSA 2008-01
Crashes with evidence of memory corruption (rv:1.8.1.12)

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2008/mfsa2008-01.html

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0103

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0104

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0105

Source: BUGTRAQ
Type: UNKNOWN
20080209 rPSA-2008-0051-1 firefox

Source: BUGTRAQ
Type: UNKNOWN
20080212 FLEA-2008-0001-1 firefox

Source: BUGTRAQ
Type: UNKNOWN
20080229 rPSA-2008-0093-1 thunderbird

Source: BID
Type: UNKNOWN
27683

Source: CCN
Type: BID-27683
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019321

Source: CCN
Type: USN-576-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-576-1

Source: CCN
Type: USN-582-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-582-1

Source: CCN
Type: USN-582-2
Thunderbird regression

Source: UBUNTU
Type: UNKNOWN
USN-582-2

Source: VUPEN
Type: UNKNOWN
ADV-2008-0453

Source: VUPEN
Type: UNKNOWN
ADV-2008-0454

Source: VUPEN
Type: UNKNOWN
ADV-2008-0627

Source: VUPEN
Type: UNKNOWN
ADV-2008-1793

Source: VUPEN
Type: UNKNOWN
ADV-2008-2091

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/buglist.cgi?bug_id=407720,390597,373344,398085,406572,391028,406036,402087

Source: XF
Type: UNKNOWN
firefox-javascript-code-execution(40363)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1995

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10385

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-1435

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-1459

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-1535

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2060

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2118

Source: SUSE
Type: SUSE-SA:2008:008
Mozilla Firefox and Seamonkey Security Problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 2.0.0.11)
  • OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version <= 1.1.7)
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 2.0.0.11)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1::beta:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20080413
    V
    		CVE-2008-0413
    2015-11-16
    oval:org.mitre.oval:def:17244
    P
    		USN-582-2 -- mozilla-thunderbird
    2014-07-21
    oval:org.mitre.oval:def:17594
    P
    		USN-582-1 -- mozilla-thunderbird, thunderbird vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17533
    P
    		USN-576-1 -- firefox vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:7909
    P
    		DSA-1489 iceweasel -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20267
    P
    		DSA-1484-1 xulrunner - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:18417
    P
    		DSA-1485-2 icedove - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:7914
    P
    		DSA-1485 icedove -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:18434
    P
    		DSA-1489-1 iceweasel - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:8000
    P
    		DSA-1484 xulrunner -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20074
    P
    		DSA-1506-1 iceape - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:8162
    P
    		DSA-1506 iceape -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:21756
    P
    		ELSA-2008:0105: thunderbird security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:22437
    P
    		ELSA-2008:0103: firefox security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:10385
    V
    		The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.
    2013-04-29
    oval:com.redhat.rhsa:def:20080103
    P
    		RHSA-2008:0103: firefox security update (Critical)
    2008-03-20
    oval:com.redhat.rhsa:def:20080104
    P
    		RHSA-2008:0104: seamonkey security update (Critical)
    2008-03-20
    oval:com.redhat.rhsa:def:20080105
    P
    		RHSA-2008:0105: thunderbird security update (Critical)
    2008-02-27
    oval:org.debian:def:1506
    V
    		several vulnerabilities
    2008-02-24
    oval:org.debian:def:1485
    V
    		several vulnerabilities
    2008-02-10
    oval:org.debian:def:1489
    V
    		several vulnerabilities
    2008-02-10
    oval:org.debian:def:1484
    V
    		several vulnerabilities
    2008-02-10
    BACK
    mozilla firefox *
    mozilla seamonkey *
    mozilla thunderbird *
    mozilla firefox 2.0
    mozilla firefox 2.0.0.1
    mozilla firefox 2.0.0.2
    mozilla firefox 2.0.0.3
    mozilla firefox 2.0.0.4
    netscape navigator 9.0
    mozilla firefox 2.0.0.5
    mozilla thunderbird 2.0.0.5
    mozilla seamonkey 1.1.3
    mozilla firefox 2.0.0.6
    mozilla firefox 2.0.0.9
    mozilla thunderbird 2.0.0.4
    mozilla thunderbird 2.0.0.3
    mozilla thunderbird 2.0.0.2
    mozilla thunderbird 2.0.0.1
    mozilla seamonkey 1.1.2
    mozilla seamonkey 1.1.1
    mozilla firefox 2.0.0.7
    mozilla thunderbird 2.0.0.6
    mozilla thunderbird 2.0.0.7
    mozilla seamonkey 1.1.4
    mozilla firefox 2.0.0.8
    mozilla seamonkey 1.1.5
    mozilla seamonkey 1.1.6
    mozilla firefox 2.0.0.11
    mozilla thunderbird 2.0.0.9
    mozilla firefox 2.0 beta1
    mozilla firefox 2.0 rc2
    mozilla firefox 2.0 rc3
    mozilla firefox 2.0.0.10
    mozilla thunderbird 2.0.0.0
    mozilla thunderbird 2.0.0.11
    mozilla thunderbird 2.0.0.8
    mozilla seamonkey 1.1
    mozilla seamonkey 1.1.7
    mozilla seamonkey 1.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.6.z ga
    redhat enterprise linux 4.6.z ga
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3
    sun opensolaris build_snv_89
    sun opensolaris build_snv_89