CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5018

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile29.93th
PublishedNov 13, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

>= 2.0 and < 2.0.0.18
πŸ“¦
Mozilla

Firefox

>= 3.0 and < 3.0.4
πŸ“¦
Mozilla

Seamonkey

>= 1.0 and < 1.1.13
πŸ“¦
Mozilla

Thunderbird

>= 2.0 and < 2.0.0.18
πŸ’»
Debian

Debian Linux

= 4.0
πŸ’»
Canonical

Ubuntu Linux

= 6.06
πŸ’»
Canonical

Ubuntu Linux

= 7.10
πŸ’»
Canonical

Ubuntu Linux

= 8.04
πŸ’»
Canonical

Ubuntu Linux

= 8.10

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
πŸ”— http://secunia.com/advisories/32684
πŸ”— http://secunia.com/advisories/32693
πŸ”— http://secunia.com/advisories/32694
πŸ”— http://secunia.com/advisories/32695
πŸ”— http://secunia.com/advisories/32713
πŸ”— http://secunia.com/advisories/32714
πŸ”— http://secunia.com/advisories/32715

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...