Lucene search

K
cve[email protected]CVE-2008-0412
HistoryFeb 08, 2008 - 10:00 p.m.

CVE-2008-0412

2008-02-0822:00:00
CWE-399
web.nvd.nist.gov
42
cve-2008-0412
mozilla firefox
thunderbird
seamonkey
denial of service
remote attack
memory corruption

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.101 Low

EPSS

Percentile

95.0%

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

Affected configurations

NVD
Node
mozillafirefoxRange2.0.0.11
OR
mozillaseamonkeyRange1.1.7
OR
mozillathunderbirdRange2.0.0.11

References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.101 Low

EPSS

Percentile

95.0%