CVE-2008-4063

2008-09-2420:37:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2008-4063

mozilla firefox

remote attackers

denial of service

memory corruption

application crash

arbitrary code

layout engine

nscontentlist::item function

indic ime extension

hindi language

nsframelist::sortbycontentorder function

inline frames

nvd

9.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.111 Low

EPSS

Percentile

95.1%

JSON

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the “this” variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the “g” character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
mozilla:firefoxmozilla firefoxle3.0.1
mozilla:firefoxmozilla firefoxeq3.0

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
mozilla:firefox	mozilla firefox	le	3.0.1
mozilla:firefox	mozilla firefox	eq	3.0