{"vuid":"VU#466521","idnumber":"466521","name":"Mozilla JavaScript privilege escalation","keywords":["Mozilla","Firefox","privilege escalation","arbitrary code execution","XPCNativeWrapper pollution","cross-site scripting","xss","mozilla_200803","mozilla_2008003"],"overview":"Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.","clean_desc":"Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which  may allow privilege escalation and execution of arbitrary code on an affected system.","impact":"Successful exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","resolution":"Apply an update Mozilla Foundation has issued new versions of the affected products which address these vulnerabilities. Please see MFSA 2008-14 for more details.","workarounds":"Workaround\nDisabling JavaScript is an effective workaround for these vulnerabilities. It is strongly recommended that you disable JavaScript until a version containing patches for these vulnerabilities can be installed.","sysaffected":"","thanks":"","author":"This document was written by Joseph Pruszynski.","public":["h","t","t","p",":","/","/","w","w","w",".","m","o","z","i","l","l","a",".","o","r","g","/","s","e","c","u","r","i","t","y","/","a","n","n","o","u","n","c","e","/","2","0","0","8","/","m","f","s","a","2","0","0","8","-","1","4",".","h","t","m","l"],"cveids":["CVE-2008-1233","CVE-2008-1234","CVE-2008-1235"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-03-26T11:31:27Z","publicdate":"2008-03-25T00:00:00Z","datefirstpublished":"2008-03-27T19:01:58Z","dateupdated":"2008-03-27T21:08:21Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"11","cam_exploitation":"5","cam_internetinfrastructure":"7","cam_population":"15","cam_impact":"14","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"20.3765625","cam_scorecurrentwidelyknown":"28.35","cam_scorecurrentwidelyknownexploited":"41.6390625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":20.3765625,"vulnote":null}