Launchpad.net

CVE 2008-1237

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.

Related bugs and status

CVE-2008-1237 (Candidate) is related to these bugs:

Bug #210155: various outstanding security updates in mozilla universe packages (as of 1.8.1.13)

		In	Importance	Status
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Edgy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Feisty)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Gutsy)	High	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Gutsy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Gutsy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Hardy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Hardy)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Hardy)	High	Fix Released

Bug #218534: [Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14

		In	Importance	Status
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu)	Undecided	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Dapper)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Dapper)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Dapper)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Dapper)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Feisty)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Feisty)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Feisty)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Feisty)	Critical	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Gutsy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Gutsy)	Undecided	Invalid
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Gutsy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Gutsy)	Undecided	Won't Fix
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Hardy)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	firefox (Ubuntu Intrepid)	Undecided	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	seamonkey (Ubuntu Intrepid)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	thunderbird (Ubuntu Intrepid)	Critical	Fix Released
218534	[Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14	xulrunner (Ubuntu Intrepid)	Critical	Fix Released

Bug #218542: Security problem: Crash in JavaScript garbage collector

Summary				In	Importance	Status
	218542	Security problem: Crash in JavaScript garbage collector		firefox (Ubuntu)	Undecided	Fix Released

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1532
REDHAT: RHSA-2008:0208
SECUNIA: 29391
SECUNIA: 29560
DEBIAN: DSA-1534
MANDRIVA: MDVSA-2008:080
REDHAT: RHSA-2008:0207
SECTRACK: 1019695
SECUNIA: 29548
SECUNIA: 29550
SECUNIA: 29539
SECUNIA: 29558
DEBIAN: DSA-1535
UBUNTU: USN-592-1
CERT: TA08-087A
BID: 28448
SECUNIA: 29616
SECUNIA: 29526
SECUNIA: 29541
SECUNIA: 29547
REDHAT: RHSA-2008:0209
SUSE: SUSE-SA:2008:019
SECUNIA: 29645
SECUNIA: 29607
DEBIAN: DSA-1574
SUSE: SUSE-SR:2008:011
SECUNIA: 30016
SECUNIA: 30094
SECUNIA: 30327
SECUNIA: 30370
SUNALERT: 239546
SECUNIA: 31043
MANDRIVA: MDVSA-2008:155
GENTOO: GLSA-200805-18
FEDORA: FEDORA-2008-3519
FEDORA: FEDORA-2008-3557
SECUNIA: 30192
SUNALERT: 238492
SECUNIA: 30620
UBUNTU: USN-605-1
SECUNIA: 30105
VUPEN: ADV-2008-0999
VUPEN: ADV-2008-0998
VUPEN: ADV-2008-2091
VUPEN: ADV-2008-1793
SLACKWARE: SSA:2008-128-02
XF: firefox-javascript-eng...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080327 rPSA-2008-012...