CVE-2008-1380

Publication date 17 April 2008

Last updated 4 August 2025

Ubuntu priority

Low

Why this priority?

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.

Read the notes from the security team

Status

Package Ubuntu Release Status
firefox 8.10 intrepid Not in release
8.04 LTS hardy
Fixed 2.0.0.14+2nobinonly-0ubuntu1
7.10 gutsy
Fixed 2.0.0.14+2nobinonly-0ubuntu0.7.10
7.04 feisty
Fixed 2.0.0.14+1nobinonly-0ubuntu0.7.4
6.10 edgy
Fixed 2.0.0.14+0nobinonly-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.15~prepatch080417a-0ubuntu1
iceape 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Ignored end of life, was needed
7.04 feisty Not in release
6.06 LTS dapper Not in release
icedove 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
iceweasel 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
mozilla-thunderbird 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
seamonkey 8.10 intrepid
Fixed 1.1.11+nobinonly-0ubuntu1
8.04 LTS hardy
Fixed 1.1.12+nobinonly-0ubuntu0.8.04.1
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
thunderbird 8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty Not in release
6.06 LTS dapper Not in release
xulrunner 8.10 intrepid
Fixed 1.8.1.14+nobinonly-1ubuntu1
8.04 LTS hardy
Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1
7.10 gutsy
Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper Not in release

Notes

jdstrand

thunderbird has the proper fix for CVE-2008-1237 in 2.0.0.14 and never had this issue

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
seamonkey

References

Related Ubuntu Security Notices (USN)

    • USN-602-1
    • Firefox vulnerabilities
    • 22 April 2008

Other references