Fluid Attacks Database

Description

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	thunderbird	<0:2.0.0.19-1.el5_2	0:2.0.0.19-1.el5_2
rpm rhel5	xulrunner	<0:1.9.0.5-1.el5_2	0:1.9.0.5-1.el5_2
rpm rhel5	nspr	<0:4.7.3-2.el5	0:4.7.3-2.el5
rpm rhel5	nss	<0:3.12.2.0-2.el5	0:3.12.2.0-2.el5
rpm rhel5	firefox	<0:3.0.5-1.el5_2	0:3.0.5-1.el5_2

Aliases

1. CVE-2008-55122. NVD-2008-55123. OSV-2008-5512

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.