CVE-2008-1380 : The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.

Published 2008-04-17 19:05:00

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2008-1380

Mozilla » Firefox
Versions up to, including, (<=) 2.0.0.13
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0 Update RC3
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.1
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0 Update RC2
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.2
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.6
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.5
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.4
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.3
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.7
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.10
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.11
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.8
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.9
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0 Update Beta1
cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 2.0.0.12
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions up to, including, (<=) 2.0.0.13
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.2
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.3
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.0
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.1
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.4
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.5
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.9
cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.6
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.8
cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.12
cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 2.0.0.11
cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions up to, including, (<=) 1.1.9
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.3
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.2
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.5
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.9
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.7
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.6
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.6
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.4
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.8
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.8
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.7
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.99
cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1380

EPSS FAQ

19.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1380

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-1380

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1380

http://www.securityfocus.com/bid/28818
http://secunia.com/advisories/30327

CVEs referencing this url
http://secunia.com/advisories/30029
http://secunia.com/advisories/29883
http://www.redhat.com/support/errata/RHSA-2008-0224.html
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

CVEs referencing this url
http://www.mozilla.org/security/announce/2008/mfsa2008-20.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:110
http://secunia.com/advisories/29860

Vendor Advisory
http://www.debian.org/security/2008/dsa-1558

[SECURITY] [DSA 1558-1] New xulrunner packages fix arbitrary code execution
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

[security-announce] SUSE Security Summary Report SUSE-SR:200?8:011 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.ubuntu.com/usn/usn-602-1
http://secunia.com/advisories/31377

CVEs referencing this url
http://www.kb.cert.org/vuls/id/441529

US Government Resource
http://secunia.com/advisories/29912
http://www.debian.org/security/2008/dsa-1555
http://security.gentoo.org/glsa/glsa-200808-03.xml

CVEs referencing this url
http://www.debian.org/security/2009/dsa-1696

[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/41857
http://secunia.com/advisories/31023

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1562
http://secunia.com/advisories/29908
http://secunia.com/advisories/30192

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/1251/references
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.391769
http://www.redhat.com/support/errata/RHSA-2008-0222.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00407.html
http://secunia.com/advisories/30012
http://secunia.com/advisories/29947
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0223.html
http://secunia.com/advisories/29911
http://www.securityfocus.com/archive/1/491838/100/0/threaded
http://www.securitytracker.com/id?1019873
http://secunia.com/advisories/30717

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10752
http://secunia.com/advisories/33434

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/29793
http://secunia.com/advisories/29828
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/1793/references

CVEs referencing this url
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2008_13_sr.html

404 Page Not Found | SUSE

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00463.html
https://bugzilla.mozilla.org/show_bug.cgi?id=425576
http://secunia.com/advisories/30620

CVEs referencing this url
http://secunia.com/advisories/29787

Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2008-1380

Products affected by CVE-2008-1380

Exploit prediction scoring system (EPSS) score for CVE-2008-1380

CVSS scores for CVE-2008-1380

CWE ids for CVE-2008-1380

References for CVE-2008-1380