CVE-2008-1380

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	2.0.0.13 (including)
Firefox	Mozilla	2.0 (including)	2.0 (including)
Firefox	Mozilla	2.0-beta1 (including)	2.0-beta1 (including)
Firefox	Mozilla	2.0-rc2 (including)	2.0-rc2 (including)
Firefox	Mozilla	2.0-rc3 (including)	2.0-rc3 (including)
Firefox	Mozilla	2.0.0.1 (including)	2.0.0.1 (including)
Firefox	Mozilla	2.0.0.2 (including)	2.0.0.2 (including)
Firefox	Mozilla	2.0.0.3 (including)	2.0.0.3 (including)
Firefox	Mozilla	2.0.0.4 (including)	2.0.0.4 (including)
Firefox	Mozilla	2.0.0.5 (including)	2.0.0.5 (including)
Firefox	Mozilla	2.0.0.6 (including)	2.0.0.6 (including)
Firefox	Mozilla	2.0.0.7 (including)	2.0.0.7 (including)
Firefox	Mozilla	2.0.0.8 (including)	2.0.0.8 (including)
Firefox	Mozilla	2.0.0.9 (including)	2.0.0.9 (including)
Firefox	Mozilla	2.0.0.10 (including)	2.0.0.10 (including)
Firefox	Mozilla	2.0.0.11 (including)	2.0.0.11 (including)
Firefox	Mozilla	2.0.0.12 (including)	2.0.0.12 (including)
Seamonkey	Mozilla	*	1.1.9 (including)
Seamonkey	Mozilla	1.0 (including)	1.0 (including)
Seamonkey	Mozilla	1.0.1 (including)	1.0.1 (including)
Seamonkey	Mozilla	1.0.2 (including)	1.0.2 (including)
Seamonkey	Mozilla	1.0.3 (including)	1.0.3 (including)
Seamonkey	Mozilla	1.0.4 (including)	1.0.4 (including)
Seamonkey	Mozilla	1.0.5 (including)	1.0.5 (including)
Seamonkey	Mozilla	1.0.6 (including)	1.0.6 (including)
Seamonkey	Mozilla	1.0.7 (including)	1.0.7 (including)
Seamonkey	Mozilla	1.0.8 (including)	1.0.8 (including)
Seamonkey	Mozilla	1.0.9 (including)	1.0.9 (including)
Seamonkey	Mozilla	1.0.99 (including)	1.0.99 (including)
Seamonkey	Mozilla	1.1 (including)	1.1 (including)
Seamonkey	Mozilla	1.1.2 (including)	1.1.2 (including)
Seamonkey	Mozilla	1.1.3 (including)	1.1.3 (including)
Seamonkey	Mozilla	1.1.4 (including)	1.1.4 (including)
Seamonkey	Mozilla	1.1.5 (including)	1.1.5 (including)
Seamonkey	Mozilla	1.1.6 (including)	1.1.6 (including)
Seamonkey	Mozilla	1.1.7 (including)	1.1.7 (including)
Seamonkey	Mozilla	1.1.8 (including)	1.1.8 (including)
Thunderbird	Mozilla	*	2.0.0.13 (including)
Thunderbird	Mozilla	2.0.0.0 (including)	2.0.0.0 (including)
Thunderbird	Mozilla	2.0.0.1 (including)	2.0.0.1 (including)
Thunderbird	Mozilla	2.0.0.2 (including)	2.0.0.2 (including)
Thunderbird	Mozilla	2.0.0.3 (including)	2.0.0.3 (including)
Thunderbird	Mozilla	2.0.0.4 (including)	2.0.0.4 (including)
Thunderbird	Mozilla	2.0.0.5 (including)	2.0.0.5 (including)
Thunderbird	Mozilla	2.0.0.6 (including)	2.0.0.6 (including)
Thunderbird	Mozilla	2.0.0.8 (including)	2.0.0.8 (including)
Thunderbird	Mozilla	2.0.0.9 (including)	2.0.0.9 (including)
Thunderbird	Mozilla	2.0.0.11 (including)	2.0.0.11 (including)
Thunderbird	Mozilla	2.0.0.12 (including)	2.0.0.12 (including)
Red Hat Enterprise Linux 2.1	RedHat	seamonkey-0:1.0.9-0.15.el2	*
Red Hat Enterprise Linux 3	RedHat	seamonkey-0:1.0.9-0.17.el3	*
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.5.0.12-0.15.el4	*
Red Hat Enterprise Linux 4	RedHat	seamonkey-0:1.0.9-16.el4	*
Red Hat Enterprise Linux 4	RedHat	thunderbird-0:1.5.0.12-11.el4	*
Red Hat Enterprise Linux 5	RedHat	firefox-0:1.5.0.12-15.el5_1	*
Red Hat Enterprise Linux 5	RedHat	thunderbird-0:1.5.0.12-12.el5_1	*
Firefox	Ubuntu	dapper	*
Firefox	Ubuntu	edgy	*
Firefox	Ubuntu	feisty	*
Firefox	Ubuntu	gutsy	*
Firefox	Ubuntu	hardy	*
Iceape	Ubuntu	gutsy	*
Seamonkey	Ubuntu	devel	*
Seamonkey	Ubuntu	hardy	*
Seamonkey	Ubuntu	intrepid	*
Seamonkey	Ubuntu	upstream	*
Thunderbird	Ubuntu	upstream	*
Xulrunner	Ubuntu	devel	*
Xulrunner	Ubuntu	feisty	*
Xulrunner	Ubuntu	gutsy	*
Xulrunner	Ubuntu	hardy	*
Xulrunner	Ubuntu	intrepid	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1380
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References