Vulnerability Description
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.16 |
| Mozilla | Seamonkey | All versions |
| Mozilla | Thunderbird | All versions |
Related Weaknesses (CWE)
References
- http://download.novell.com/Download?buildid=WZXONb-tqBw~
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
- http://secunia.com/advisories/31984
- http://secunia.com/advisories/31985
- http://secunia.com/advisories/31987
- http://secunia.com/advisories/32007
- http://secunia.com/advisories/32010
- http://secunia.com/advisories/32011
- http://secunia.com/advisories/32012
- http://secunia.com/advisories/32025
- http://secunia.com/advisories/32042
- http://secunia.com/advisories/32044
- http://secunia.com/advisories/32082
- http://secunia.com/advisories/32089
- http://secunia.com/advisories/32092
FAQ
What is CVE-2008-4060?
CVE-2008-4060 is a vulnerability with a CVSS score of 7.5 (HIGH). Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute...
How severe is CVE-2008-4060?
CVE-2008-4060 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4060?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.