Lucene search

[email protected]CVE-2008-4061

HistorySep 24, 2008 - 8:37 p.m.

CVE-2008-4061

2008-09-2420:37:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2008-4061

integer overflow

mozilla firefox

thunderbird

seamonkey

denial of service

memory corruption

application crash

arbitrary code execution

nvd

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.235 Low

EPSS

Percentile

96.5%

JSON

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt2.0.0.17
mozilla:firefoxmozilla firefoxlt3.0.2
mozilla:seamonkeymozilla seamonkeylt1.1.12
mozilla:thunderbirdmozilla thunderbirdlt2.0.0.17
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	2.0.0.17
mozilla:firefox	mozilla firefox	lt	3.0.2
mozilla:seamonkey	mozilla seamonkey	lt	1.1.12
mozilla:thunderbird	mozilla thunderbird	lt	2.0.0.17
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04

References

download.novell.com/Download?buildid=WZXONb-tqBw~

lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

secunia.com/advisories/31984

secunia.com/advisories/31985

secunia.com/advisories/31987

secunia.com/advisories/32007

secunia.com/advisories/32010

secunia.com/advisories/32011

secunia.com/advisories/32012

secunia.com/advisories/32025

secunia.com/advisories/32042

secunia.com/advisories/32044

secunia.com/advisories/32082

secunia.com/advisories/32089

secunia.com/advisories/32092

secunia.com/advisories/32095

secunia.com/advisories/32096

secunia.com/advisories/32144

secunia.com/advisories/32185

secunia.com/advisories/32196

secunia.com/advisories/32845

secunia.com/advisories/33433

secunia.com/advisories/33434

secunia.com/advisories/34501

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

www.debian.org/security/2008/dsa-1649

www.debian.org/security/2008/dsa-1669

www.debian.org/security/2009/dsa-1696

www.debian.org/security/2009/dsa-1697

www.mandriva.com/security/advisories?name=MDVSA-2008:205

www.mandriva.com/security/advisories?name=MDVSA-2008:206

www.mozilla.org/security/announce/2008/mfsa2008-42.html

www.redhat.com/support/errata/RHSA-2008-0879.html

www.redhat.com/support/errata/RHSA-2008-0882.html

www.redhat.com/support/errata/RHSA-2008-0908.html

www.securityfocus.com/bid/31346

www.securitytracker.com/id?1020916

www.ubuntu.com/usn/usn-645-1

www.ubuntu.com/usn/usn-645-2

www.ubuntu.com/usn/usn-647-1

www.vupen.com/english/advisories/2008/2661

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=443089

exchange.xforce.ibmcloud.com/vulnerabilities/45351

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10794

www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.235 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2008-4061

cvelist1 veracode1 ubuntucve1 prion1 securityvulns2 mozilla1 fedora41 openvas111 redhat3 nessus27 oraclelinux3 centos4 osv1 debian1 ubuntu1