Lucene search

[email protected]CVE-2008-4064

HistorySep 24, 2008 - 8:37 p.m.

CVE-2008-4064

2008-09-2420:37:00

CWE-399

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2008-4064

mozilla firefox

3.x

denial of service

memory corruption

arbitrary code

graphics rendering

nvd

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.394 Low

EPSS

Percentile

97.2%

JSON

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle3.0.1
mozilla:firefoxmozilla firefoxeq3.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	3.0.1
mozilla:firefox	mozilla firefox	eq	3.0

References

lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

secunia.com/advisories/31987

secunia.com/advisories/32011

secunia.com/advisories/32012

secunia.com/advisories/32025

secunia.com/advisories/32044

secunia.com/advisories/32082

secunia.com/advisories/32089

secunia.com/advisories/32095

secunia.com/advisories/32096

secunia.com/advisories/32196

secunia.com/advisories/34501

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

www.mozilla.org/security/announce/2008/mfsa2008-42.html

www.redhat.com/support/errata/RHSA-2008-0879.html

www.securityfocus.com/bid/31346

www.securitytracker.com/id?1020916

www.ubuntu.com/usn/usn-645-1

www.ubuntu.com/usn/usn-645-2

www.ubuntu.com/usn/usn-647-1

www.vupen.com/english/advisories/2008/2661

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=441368

bugzilla.mozilla.org/show_bug.cgi?id=441995

bugzilla.mozilla.org/show_bug.cgi?id=443693

exchange.xforce.ibmcloud.com/vulnerabilities/45357

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11743

www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.394 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2008-4064

checkpoint_advisories1 ubuntucve1 veracode1 prion1 mozilla1 securityvulns1 fedora39 openvas105 redhat1 nessus29 oraclelinux1 centos1 ubuntu4 freebsd1 seebug1 suse2 gentoo1