CVE-2008-5018

Name of the Vulnerable Software and Affected Versions libxul0d-dbg versions (affected versions not specified) libxul-dev versions (affected versions not specified) libsmjs1 versions (affected versions not specified) libmozjs0d-dbg versions (affected versions not specified) Mozilla Firefox versions prior to 3.0.4 Mozilla Firefox versions prior to 2.0.0.18 Thunderbird versions prior to 2.0.0.18 SeaMonkey versions prior to 1.1.13 libmozjs0d versions (affected versions not specified) libxul0d versions (affected versions not specified) libnss3-0d-dbg versions (affected versions not specified) libsmjs-dev versions (affected versions not specified) libnss3-0d versions (affected versions not specified) libxul-common versions (affected versions not specified)

Description The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libsmjs-dev, libnss3-0d, and libxul-common. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The JavaScript engine in Mozilla Firefox, Thunderbird, and SeaMonkey is also affected, allowing remote attackers to cause a denial of service (crash) via insufficient class checking in the Date class.

Recommendations For libxul0d-dbg, consider disabling the vulnerable components until a patch is available. For libxul-dev, restrict access to the vulnerable modules to minimize the risk of exploitation. For libsmjs1, avoid using the vulnerable functions until the issue is resolved. For libmozjs0d-dbg, consider disabling the Date class until a patch is available. For Mozilla Firefox versions prior to 3.0.4, update to version 3.0.4 or later. For Mozilla Firefox versions prior to 2.0.0.18, update to version 2.0.0.18 or later. For Thunderbird versions prior to 2.0.0.18, update to version 2.0.0.18 or later. For SeaMonkey versions prior to 1.1.13, update to version 1.1.13 or later. For libmozjs0d, consider disabling the vulnerable components until a patch is available. For libxul0d, restrict access to the vulnerable modules to minimize the risk of exploitation. For libnss3-0d-dbg, avoid using the vulnerable functions until the issue is resolved. For libsmjs-dev, consider disabling the vulnerable components until a patch is available. For libnss3-0d, restrict access to the vulnerable modules to minimize the risk of exploitation. For libxul-common, avoid using the vulnerable functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability in the other affected packages.