Lucene search

K
cve[email protected]CVE-2008-0413
HistoryFeb 08, 2008 - 10:00 p.m.

CVE-2008-0413

2008-02-0822:00:00
CWE-399
web.nvd.nist.gov
40
cve-2008-0413
mozilla firefox
thunderbird
seamonkey
denial of service
memory corruption

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.162 Low

EPSS

Percentile

96.0%

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.

Affected configurations

NVD
Node
mozillafirefoxRange2.0.0.11
OR
mozillaseamonkeyRange1.1.7
OR
mozillathunderbirdRange2.0.0.11

References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.162 Low

EPSS

Percentile

96.0%