Vulnerability Details : CVE-2008-5014
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
Vulnerability category: Input validationExecute codeDenial of service
Products affected by CVE-2008-5014
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Threat overview for CVE-2008-5014
Top countries where our scanners detected CVE-2008-5014
Top open port discovered on systems with this issue
5555
IPs affected by CVE-2008-5014 121
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2008-5014!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-5014
27.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-5014
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5014
-
http://www.redhat.com/support/errata/RHSA-2008-0977.html
SupportThird Party Advisory
-
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
MandrivaThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=436741
Issue Tracking;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
MandrivaThird Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
[SECURITY] Fedora 9 Update: xulrunner-1.9.0.4-1.fc9Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
MandrivaThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0976.html
SupportThird Party Advisory
-
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
Mozilla Updates for Multiple Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://www.debian.org/security/2009/dsa-1696
[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilitiesThird Party Advisory
-
http://www.securityfocus.com/bid/32281
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2008/3146
Webmail: access your OVH emails on ovhcloud.com | OVHcloudThird Party Advisory
-
http://www.securitytracker.com/id?1021182
Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
[security-announce] SUSE Security Announcement: Mozilla (SUSE-SA:2008:055) - openSUSE Security Announce - openSUSE Mailing ListsThird Party Advisory
-
http://ubuntu.com/usn/usn-667-1
USN-667-1: Firefox and xulrunner vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157
Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
[SECURITY] Fedora 8 Update: firefox-2.0.0.18-1.fc8Third Party Advisory
-
http://www.debian.org/security/2008/dsa-1671
[SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilitiesThird Party Advisory
-
http://www.debian.org/security/2009/dsa-1697
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilitiesThird Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Broken Link
-
http://www.debian.org/security/2008/dsa-1669
[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilitiesThird Party Advisory
-
http://www.vupen.com/english/advisories/2009/0977
Webmail: access your OVH emails on ovhcloud.com | OVHcloudThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0978.html
SupportThird Party Advisory
Jump to