CVE-2008-2419

Publication date 23 May 2008

Last updated 24 July 2024

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored
	7.04 feisty	Ignored
	6.06 LTS dapper	Ignored
firefox-3.0	9.10 karmic	Not in release
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
iceape	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Ignored
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
iceweasel	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
seamonkey	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
xulrunner	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored
	7.04 feisty	Ignored
	6.06 LTS dapper	Not in release

Notes

jdstrand

firefox 3 not affected. seems a simple DoS, but will elevate if evidence of ability to execute code

mdeslaur

upstream couldn't reproduce, ignoring.

CVE-2008-2419

Status

Notes

jdstrand

mdeslaur

References

Other references