[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-4063Date: (C)2008-09-24   (M)2023-12-22


Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1020916
SUNALERT-256408
BID-31346
SECUNIA-31987
SECUNIA-32011
SECUNIA-32012
SECUNIA-32025
SECUNIA-32044
SECUNIA-32082
SECUNIA-32089
SECUNIA-32095
SECUNIA-32096
SECUNIA-32196
SECUNIA-34501
ADV-2008-2661
ADV-2009-0977
FEDORA-2008-8425
RHSA-2008:0879
SSA:2008-269-02
SSA:2008-270-01
SUSE-SA:2008:050
USN-645-1
USN-645-2
USN-647-1
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
https://bugzilla.mozilla.org/show_bug.cgi?id=413048
https://bugzilla.mozilla.org/show_bug.cgi?id=433758
https://bugzilla.mozilla.org/show_bug.cgi?id=444452
mozilla-firefox-layout-code-execution(45354)
oval:org.mitre.oval:def:11151

CPE    6
cpe:/o:canonical:ubuntu_linux:7.04
cpe:/o:canonical:ubuntu_linux:8.04:-:lts
cpe:/o:canonical:ubuntu_linux:6.06:-:lts
cpe:/a:mozilla:firefox
...

© SecPod Technologies