FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4060

This CVE name corresponds to:

Entered	Topic
2008-09-24	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-4060 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-4060
Phase	Assigned(20080912)

Description

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.

References

Source	Reference
CONFIRM	http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=448548
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=451037
CONFIRM	http://download.novell.com/Download?buildid=WZXONb-tqBw~
DEBIAN	DSA-1669
DEBIAN	DSA-1697
DEBIAN	DSA-1696
DEBIAN	DSA-1649
FEDORA	FEDORA-2008-8401
FEDORA	FEDORA-2008-8429
FEDORA	FEDORA-2008-8425
MANDRIVA	MDVSA-2008:205
MANDRIVA	MDVSA-2008:206
REDHAT	RHSA-2008:0908
REDHAT	RHSA-2008:0879
REDHAT	RHSA-2008:0882
SLACKWARE	SSA:2008-269-01
SLACKWARE	SSA:2008-269-02
SLACKWARE	SSA:2008-270-01
SUNALERT	256408
SUSE	SUSE-SA:2008:050
UBUNTU	USN-647-1
UBUNTU	USN-645-1
UBUNTU	USN-645-2
BID	31346
OVAL	oval:org.mitre.oval:def:11607
SECUNIA	34501
SECUNIA	32185
SECUNIA	32196
VUPEN	ADV-2008-2661
SECTRACK	1020915
SECUNIA	32042
SECUNIA	32025
SECUNIA	32092
SECUNIA	32144
SECUNIA	32044
SECUNIA	32082
SECUNIA	32089
SECUNIA	32095
SECUNIA	32096
SECUNIA	32845
SECUNIA	31984
SECUNIA	31985
SECUNIA	31987
SECUNIA	32007
SECUNIA	32010
SECUNIA	32011
SECUNIA	32012
SECUNIA	33433
SECUNIA	33434
VUPEN	ADV-2009-0977
XF	firefox-xslt-code-execution(45353)