CERT Coordination Center

Mozilla JavaScript privilege escalation

Vulnerability Note VU#466521

Original Release Date: 2008-03-27 | Last Revised: 2008-03-27

Overview

Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code on an affected system.

Impact

Successful exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Solution

Apply an update

Mozilla Foundation has issued new versions of the affected products which address these vulnerabilities. Please see MFSA 2008-14 for more details.

Workaround

Disabling JavaScript is an effective workaround for these vulnerabilities. It is strongly recommended that you disable JavaScript until a version containing patches for these vulnerabilities can be installed.

Vendor Information

Mozilla

Updated:  March 27, 2008

Status

Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Mozilla Foundation has issued new versions of the affected products which address these vulnerabilities.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

Credit

This document was written by Joseph Pruszynski.

Other Information

CVE IDs: CVE-2008-1233, CVE-2008-1234, CVE-2008-1235
Severity Metric: 20.38
Date Public: 2008-03-25
Date First Published: 2008-03-27
Date Last Updated: 2008-03-27 21:08 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.