cvelistv5 - cve-2008-3837

CVE-2008-3837 (GCVE-0-2008-3837)

Vulnerability from cvelistv5

Published

2008-09-24 18:00

Modified

2024-08-07 09:53

Severity ?

CWE

Summary

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.

References

URL

Tags

	http://secunia.com/advisories/32011	third-party-advisory, x_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232	vendor-advisory, x_refsource_SLACKWARE
	http://www.debian.org/security/2009/dsa-1697	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/32096	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/usn-645-1	vendor-advisory, x_refsource_UBUNTU
	https://exchange.xforce.ibmcloud.com/vulnerabilities/45348	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/32144	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/32010	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/0977	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/usn-645-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/31346	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/31985	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/31984	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/32185	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/32196	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9950	vdb-entry, signature, x_refsource_OVAL
	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2008/dsa-1669	vendor-advisory, x_refsource_DEBIAN
	http://www.mozilla.org/security/announce/2008/mfsa2008-40.html	x_refsource_CONFIRM
	http://secunia.com/advisories/32042	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33433	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2661	vdb-entry, x_refsource_VUPEN
	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422	vendor-advisory, x_refsource_SLACKWARE
	http://secunia.com/advisories/32095	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/32089	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	vendor-advisory, x_refsource_SUNALERT
	http://www.securitytracker.com/id?1020922	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2008-0879.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.mozilla.org/show_bug.cgi?id=329385	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:205	vendor-advisory, x_refsource_MANDRIVA
	http://download.novell.com/Download?buildid=WZXONb-tqBw~	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/31987	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0882.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/32845	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1649	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/32012	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/32044	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/34501	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32011"
          },
          {
            "name": "SSA:2008-269-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.405232"
          },
          {
            "name": "DSA-1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1697"
          },
          {
            "name": "32096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32096"
          },
          {
            "name": "FEDORA-2008-8401",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
          },
          {
            "name": "USN-645-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-645-1"
          },
          {
            "name": "firefox-draganddrop-weak-security(45348)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45348"
          },
          {
            "name": "32144",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32144"
          },
          {
            "name": "32010",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32010"
          },
          {
            "name": "ADV-2009-0977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0977"
          },
          {
            "name": "USN-645-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-645-2"
          },
          {
            "name": "31346",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31346"
          },
          {
            "name": "31985",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31985"
          },
          {
            "name": "SUSE-SA:2008:050",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
          },
          {
            "name": "31984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31984"
          },
          {
            "name": "32185",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32185"
          },
          {
            "name": "32196",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32196"
          },
          {
            "name": "oval:org.mitre.oval:def:9950",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9950"
          },
          {
            "name": "FEDORA-2008-8425",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html"
          },
          {
            "name": "DSA-1669",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1669"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-40.html"
          },
          {
            "name": "32042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32042"
          },
          {
            "name": "33433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33433"
          },
          {
            "name": "ADV-2008-2661",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2661"
          },
          {
            "name": "SSA:2008-269-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.379422"
          },
          {
            "name": "32095",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32095"
          },
          {
            "name": "32089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32089"
          },
          {
            "name": "256408",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
          },
          {
            "name": "1020922",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020922"
          },
          {
            "name": "RHSA-2008:0879",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0879.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=329385"
          },
          {
            "name": "MDVSA-2008:205",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
          },
          {
            "name": "FEDORA-2008-8429",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
          },
          {
            "name": "31987",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31987"
          },
          {
            "name": "RHSA-2008:0882",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
          },
          {
            "name": "32845",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32845"
          },
          {
            "name": "DSA-1649",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1649"
          },
          {
            "name": "32012",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32012"
          },
          {
            "name": "32044",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32044"
          },
          {
            "name": "34501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34501"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "32011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32011"
        },
        {
          "name": "SSA:2008-269-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.405232"
        },
        {
          "name": "DSA-1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1697"
        },
        {
          "name": "32096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32096"
        },
        {
          "name": "FEDORA-2008-8401",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
        },
        {
          "name": "USN-645-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-645-1"
        },
        {
          "name": "firefox-draganddrop-weak-security(45348)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45348"
        },
        {
          "name": "32144",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32144"
        },
        {
          "name": "32010",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32010"
        },
        {
          "name": "ADV-2009-0977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0977"
        },
        {
          "name": "USN-645-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-645-2"
        },
        {
          "name": "31346",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31346"
        },
        {
          "name": "31985",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31985"
        },
        {
          "name": "SUSE-SA:2008:050",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
        },
        {
          "name": "31984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31984"
        },
        {
          "name": "32185",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32185"
        },
        {
          "name": "32196",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32196"
        },
        {
          "name": "oval:org.mitre.oval:def:9950",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9950"
        },
        {
          "name": "FEDORA-2008-8425",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html"
        },
        {
          "name": "DSA-1669",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1669"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-40.html"
        },
        {
          "name": "32042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32042"
        },
        {
          "name": "33433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33433"
        },
        {
          "name": "ADV-2008-2661",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2661"
        },
        {
          "name": "SSA:2008-269-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.379422"
        },
        {
          "name": "32095",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32095"
        },
        {
          "name": "32089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32089"
        },
        {
          "name": "256408",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
        },
        {
          "name": "1020922",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020922"
        },
        {
          "name": "RHSA-2008:0879",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0879.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=329385"
        },
        {
          "name": "MDVSA-2008:205",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
        },
        {
          "name": "FEDORA-2008-8429",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
        },
        {
          "name": "31987",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31987"
        },
        {
          "name": "RHSA-2008:0882",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
        },
        {
          "name": "32845",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32845"
        },
        {
          "name": "DSA-1649",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1649"
        },
        {
          "name": "32012",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32012"
        },
        {
          "name": "32044",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32044"
        },
        {
          "name": "34501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34501"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3837",
    "datePublished": "2008-09-24T18:00:00.000Z",
    "dateReserved": "2008-08-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:53:00.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-473

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Ces vulnérabilités peuvent être exploitées afin réaliser des actions malveillantes diverses.

Description

Un très grand nombre de vulnérabilités ont été découvertes dans les produits Mozilla Firefox 3, Firefox 2, Thunderbird et SeaMonkey. L'exploitation de ces vulnérabilités permet à un utilisateur malintentionné de réaliser diverses actions, dont l'exécution de code arbitraire à distance.

Solution

Se référer aux bulletins de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Mozilla Firefox 2.0.0.16 et versions antérieures ;
Mozilla	Thunderbird	Mozilla Thunderbird 2.0.0.16 et versions antérieures ;
Mozilla	Firefox	Mozilla Firefox 3.0.1 ;
Mozilla	N/A	Mozilla SeaMonkey 1.1.11 et versions antérieures.

References

Title

Publication Time

Tags

Bulletins de mise à jour Mozilla du 23 septembre 2008	None	vendor-advisory
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-37 du 23 septembre 2008 :	-	other
Bulletin de sécurité Ubuntu	-	other
Bulletin de sécurité Debian DSA-1649-1 du 08 octobre 2008 :	-	other
Bulletin de sécurité FEDORA-2008-8425	-	other
Bulletin de sécurité RedHat RHSA-2008:0882-24 du 23 septembre 2008 :	-	other
Bulletin de sécurité openSUSE SUSE-SA:2008:050 du 08 octobre 2008 :	-	other
Bulletin de sécurité FEDORA-2008-8399	-	other
Bulletin de sécurité FEDORA-2008-8425	-	other
Bulletin de sécurité Ubuntu	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-38 du 23 septembre 2008 :	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-45 du 23 septembre 2008 :	-	other
Bulletin de sécurité Ubuntu	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-43 du 23 septembre 2008 :	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-42 du 23 septembre 2008 :	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-40 du 23 septembre 2008 :	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-39 du 23 septembre 2008 :	-	other
Bulletin de sécurité FEDORA-2008-8401	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-44 du 23 septembre 2008 :	-	other
Bulletin de sécurité de la fondation Mozilla 2008/MFSA2008-41 du 23 septembre 2008 :	-	other
Bulletin de sécurité FEDORA-2008-8429	-	other
Bulletin de sécurité Redhat RHSA-2008-0879 http://rhn.redhat.com/errata/RHSA-2008-0879.html	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Firefox 2.0.0.16 et versions ant\u00e9rieures ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Thunderbird 2.0.0.16 et versions ant\u00e9rieures ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Firefox 3.0.1 ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla SeaMonkey 1.1.11 et versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn tr\u00e8s grand nombre de vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les\nproduits Mozilla Firefox 3, Firefox 2, Thunderbird et SeaMonkey.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet \u00e0 un utilisateur\nmalintentionn\u00e9 de r\u00e9aliser diverses actions, dont l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4058"
    },
    {
      "name": "CVE-2008-4060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4060"
    },
    {
      "name": "CVE-2008-4065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4065"
    },
    {
      "name": "CVE-2008-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0016"
    },
    {
      "name": "CVE-2008-4061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4061"
    },
    {
      "name": "CVE-2008-4059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4059"
    },
    {
      "name": "CVE-2008-4069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4069"
    },
    {
      "name": "CVE-2008-4062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4062"
    },
    {
      "name": "CVE-2008-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4067"
    },
    {
      "name": "CVE-2008-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3837"
    },
    {
      "name": "CVE-2008-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4068"
    },
    {
      "name": "CVE-2008-4066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4066"
    },
    {
      "name": "CVE-2008-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3835"
    }
  ],
  "initial_release_date": "2008-09-24T00:00:00",
  "last_revision_date": "2008-10-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-37 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-37.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu",
      "url": "http://www.ubuntu.com/usn/usn-647-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1649-1 du 08 octobre 2008 :",
      "url": "http://lists.debian.org/debian-security-announce/2008/msg00240.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FEDORA-2008-8425",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg01334.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0882-24 du 23    septembre 2008 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0882/html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 openSUSE SUSE-SA:2008:050 du 08    octobre 2008 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FEDORA-2008-8399",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg01362.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FEDORA-2008-8425",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg01335.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu",
      "url": "http://www.ubuntu.com/usn/usn-645-2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-38 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-38.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-45 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-45.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu",
      "url": "http://www.ubuntu.com/usn/usn-645-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-43 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-42 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-42.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-40 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-40.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-39 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-39.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FEDORA-2008-8401",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg01384.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-44 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-44.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2008/MFSA2008-41 du 23 septembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FEDORA-2008-8429",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg01403.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat RHSA-2008-0879      http://rhn.redhat.com/errata/RHSA-2008-0879.html",
      "url": "http://rhn.redhat.com/erata/RHSA-2008-0879.html"
    }
  ],
  "reference": "CERTA-2008-AVI-473",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-24T00:00:00.000000"
    },
    {
      "description": "Ajout Ubuntu et FEDORA",
      "revision_date": "2008-09-30T00:00:00.000000"
    },
    {
      "description": "Ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Debian, openSUSE et RedHat.",
      "revision_date": "2008-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMozilla. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es afin r\u00e9aliser des\nactions malveillantes diverses.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de mise \u00e0 jour Mozilla du 23 septembre 2008",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-3837 (GCVE-0-2008-3837)

Vulnerability from cvelistv5

CERTA-2008-AVI-473

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature