CVE-2008-4060

Name of the Vulnerable Software and Affected Versions libxul0d-dbg versions (affected versions not specified) libxul-dev versions (affected versions not specified) libsmjs1 versions (affected versions not specified) libmozjs0d-dbg versions (affected versions not specified) libmozjs0d versions (affected versions not specified) Mozilla Firefox versions prior to 2.0.0.17 and 3.x prior to 3.0.2 Thunderbird versions prior to 2.0.0.17 SeaMonkey versions prior to 1.1.12 libxul0d versions (affected versions not specified) libnss3-0d-dbg versions (affected versions not specified) libnss3-0d versions (affected versions not specified) libsmjs-dev versions (affected versions not specified) libxul-common versions (affected versions not specified)

Description The issue involves multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libnss3-0d, libsmjs-dev, and libxul-common. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Additionally, Mozilla Firefox, Thunderbird, and SeaMonkey are affected, allowing remote attackers to create documents that lack script-handling objects and execute arbitrary code with chrome privileges via vectors related to the document.loadBindingDocument function and XSLT.

Recommendations For Mozilla Firefox versions prior to 2.0.0.17 and 3.x prior to 3.0.2, update to version 2.0.0.17 or 3.0.2 or later. For Thunderbird versions prior to 2.0.0.17, update to version 2.0.0.17 or later. For SeaMonkey versions prior to 1.1.12, update to version 1.1.12 or later. For libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libnss3-0d, libsmjs-dev, and libxul-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.