Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-4063
Last Modified 19 Aug 2013 12:43:36
Published 24 Sep 2008 04:37:04
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4063

Summary

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 6.06

  • Canonical Ubuntu Linux 7.04

  • Canonical Ubuntu Linux 7.10

  • Canonical Ubuntu Linux 8.04

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1


References

FEDORA - FEDORA-2008-8425

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=444452

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=433758

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=413048

XF - mozilla-firefox-layout-code-execution(45354)

VUPEN - ADV-2009-0977

VUPEN - ADV-2008-2661

UBUNTU - USN-647-1

UBUNTU - USN-645-2

UBUNTU - USN-645-1

SECTRACK - 1020916

BID - 31346

REDHAT - RHSA-2008:0879

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-42.html

SUNALERT - 256408

SLACKWARE - SSA:2008-270-01

SLACKWARE - SSA:2008-269-02

SECUNIA - 34501

SECUNIA - 32096

SECUNIA - 32095

SECUNIA - 32089

SECUNIA - 32082

SECUNIA - 32044

SECUNIA - 32025

SECUNIA - 32012

SECUNIA - 32011

SECUNIA - 31987

SUSE - SUSE-SA:2008:050

SECUNIA - 32196

Related Patches

Novell SUSE 2008:5654 gecko-sdk security update for SLE 10 i586


Last Updated: 27 May 2016 10:49:43