Lucene search

K

[email protected]CVE-2008-5017

HistoryNov 13, 2008 - 11:30 a.m.

CVE-2008-5017

2008-11-1311:30:01

CWE-189

[email protected]

web.nvd.nist.gov

53

cve-2008-5017

nvd

integer overflow

xpcom

nsescape.cpp

mozilla firefox

thunderbird

seamonkey

denial of service

crash

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.4 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

Affected configurations

NVD

Node

mozillafirefoxRange2.0–2.0.0.18

OR

mozillafirefoxRange3.0–3.0.4

OR

mozillaseamonkeyRange1.0–1.1.13

OR

mozillathunderbirdRange2.0–2.0.0.18

Node

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06lts

OR

canonicalubuntu_linuxMatch7.10

OR

canonicalubuntu_linuxMatch8.04lts

OR

canonicalubuntu_linuxMatch8.10

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt2.0.0.18
mozilla:firefoxmozilla firefoxlt3.0.4
mozilla:seamonkeymozilla seamonkeylt1.1.13
mozilla:thunderbirdmozilla thunderbirdlt2.0.0.18

References

lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

secunia.com/advisories/32684

secunia.com/advisories/32693

secunia.com/advisories/32694

secunia.com/advisories/32695

secunia.com/advisories/32713

secunia.com/advisories/32714

secunia.com/advisories/32715

secunia.com/advisories/32721

secunia.com/advisories/32778

secunia.com/advisories/32798

secunia.com/advisories/32845

secunia.com/advisories/32853

secunia.com/advisories/33433

secunia.com/advisories/33434

secunia.com/advisories/34501

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

ubuntu.com/usn/usn-667-1

www.debian.org/security/2008/dsa-1669

www.debian.org/security/2008/dsa-1671

www.debian.org/security/2009/dsa-1696

www.debian.org/security/2009/dsa-1697

www.mandriva.com/security/advisories?name=MDVSA-2008:228

www.mandriva.com/security/advisories?name=MDVSA-2008:230

www.mandriva.com/security/advisories?name=MDVSA-2008:235

www.mozilla.org/security/announce/2008/mfsa2008-52.html

www.redhat.com/support/errata/RHSA-2008-0976.html

www.redhat.com/support/errata/RHSA-2008-0977.html

www.redhat.com/support/errata/RHSA-2008-0978.html

www.securityfocus.com/bid/32281

www.securitytracker.com/id?1021183

www.us-cert.gov/cas/techalerts/TA08-319A.html

www.vupen.com/english/advisories/2008/3146

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=455987

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11436

www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.4 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

Related for CVE-2008-5017

veracode1 prion1 nvd1 cvelist1 ubuntucve1 securityvulns2 mozilla1 openvas108 nessus32 ubuntu2 fedora37 oraclelinux3 centos4 redhat3 debian1 osv1