// For flags

CVE-2008-0419

Mozilla arbitrary code execution

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, permite a los atacantes remotos robar el historial de navegación y causar una denegación de servicio (bloqueo) por medio de imágenes en una página que usa tramas designMode, lo que desencadena corrupción de memoria relacionada con el manejo del redimensionamiento.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-01-23 CVE Reserved
  • 2008-02-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (58)
URL Tag Source
http://browser.netscape.com/releasenotes X_refsource_confirm
http://secunia.com/advisories/30327 Third Party Advisory
http://secunia.com/advisories/30620 Third Party Advisory
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0051 X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0093 X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 X_refsource_confirm
http://www.kb.cert.org/vuls/id/879056 Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-06.html X_refsource_confirm
http://www.securityfocus.com/archive/1/487826/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/488002/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/488971/100/0/threaded Mailing List
http://www.securityfocus.com/bid/27683 Vdb Entry
http://www.securitytracker.com/id?1019328 Vdb Entry
http://www.vupen.com/english/advisories/2008/0453/references Vdb Entry
http://www.vupen.com/english/advisories/2008/0627/references Vdb Entry
http://www.vupen.com/english/advisories/2008/1793/references Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=400556 X_refsource_confirm
https://issues.rpath.com/browse/RPL-1995 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11652 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html 2018-10-15
http://secunia.com/advisories/28754 2018-10-15
http://secunia.com/advisories/28758 2018-10-15
http://secunia.com/advisories/28766 2018-10-15
http://secunia.com/advisories/28808 2018-10-15
http://secunia.com/advisories/28815 2018-10-15
http://secunia.com/advisories/28818 2018-10-15
http://secunia.com/advisories/28839 2018-10-15
http://secunia.com/advisories/28864 2018-10-15
http://secunia.com/advisories/28865 2018-10-15
http://secunia.com/advisories/28877 2018-10-15
http://secunia.com/advisories/28879 2018-10-15
http://secunia.com/advisories/28924 2018-10-15
http://secunia.com/advisories/28939 2018-10-15
http://secunia.com/advisories/28958 2018-10-15
http://secunia.com/advisories/29049 2018-10-15
http://secunia.com/advisories/29086 2018-10-15
http://secunia.com/advisories/29164 2018-10-15
http://secunia.com/advisories/29167 2018-10-15
http://secunia.com/advisories/29567 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 2018-10-15
http://www.debian.org/security/2008/dsa-1484 2018-10-15
http://www.debian.org/security/2008/dsa-1485 2018-10-15
http://www.debian.org/security/2008/dsa-1489 2018-10-15
http://www.debian.org/security/2008/dsa-1506 2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0103.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0104.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0105.html 2018-10-15
http://www.ubuntu.com/usn/usn-576-1 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html 2018-10-15
https://access.redhat.com/security/cve/CVE-2008-0419 2008-02-08
https://bugzilla.redhat.com/show_bug.cgi?id=431749 2008-02-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 <= 2.0.0.11
Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.11"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 <= 1.1.7
Search vendor "Mozilla" for product "Seamonkey" and version " <= 1.1.7"
-
Affected