CVE-2008-5014

Impact:
Critical
Public Date:
2008-11-12
Bugzilla:
470873: CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering

The MITRE CVE dictionary describes this issue as:

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

Find out more about CVE-2008-5014 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux Optional Productivity Applications version 5 (thunderbird) RHSA-2008:0976 2008-11-20

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 devhelp 0.12-20.el5 Fixed
Red Hat Enterprise Linux version 5 yelp 2.16.0-22.el5 Fixed
Red Hat Enterprise Linux version 5 nss 3.12.1.1-3.el5 Fixed
Red Hat Enterprise Linux version 4 nss 3.12.1.1-3.el4 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.4-1.el5 Fixed