Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4064

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4064
Last Modified 29 Oct 2012 11:16:31
Published 24 Sep 2008 04:37:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4064

Summary

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1


References

FEDORA - FEDORA-2008-8425

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=443693

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=441995

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=441368

XF - firefox-imagegraphics-code-execution(45357)

VUPEN - ADV-2009-0977

VUPEN - ADV-2008-2661

UBUNTU - USN-647-1

UBUNTU - USN-645-2

UBUNTU - USN-645-1

SECTRACK - 1020916

BID - 31346

REDHAT - RHSA-2008:0879

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-42.html

SUNALERT - 256408

SLACKWARE - SSA:2008-270-01

SLACKWARE - SSA:2008-269-02

SECUNIA - 34501

SECUNIA - 32096

SECUNIA - 32095

SECUNIA - 32089

SECUNIA - 32082

SECUNIA - 32044

SECUNIA - 32025

SECUNIA - 32012

SECUNIA - 32011

SECUNIA - 31987

SUSE - SUSE-SA:2008:050

SECUNIA - 32196

Related Patches

Novell SUSE 2008:5654 gecko-sdk security update for SLE 10 i586


Last Updated: 27 May 2016 11:01:18