// For flags

CVE-2008-4062

Mozilla crashes with evidence of memory corruption

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

Múltiples vulnerabilidades sin especificar en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con el motor javaScript y (1) una mala interpretación de las características de Namespace y QName en jsxml.c, (2) un mal uso de enteros con signo en la función nsEscapeCount de nsEscape.cpp, y (3) la interacción de una colección de basura JavaScript con un cierto uso de NPObject en la función nsNPObjWrapper::GetNewOrUsed de nsJSNPRuntime.cpp.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-09-12 CVE Reserved
  • 2008-09-24 CVE Published
  • 2023-06-15 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (55)
URL Tag Source
http://download.novell.com/Download?buildid=WZXONb-tqBw~ Third Party Advisory
http://secunia.com/advisories/31984 Third Party Advisory
http://secunia.com/advisories/31985 Third Party Advisory
http://secunia.com/advisories/31987 Third Party Advisory
http://secunia.com/advisories/32007 Third Party Advisory
http://secunia.com/advisories/32010 Third Party Advisory
http://secunia.com/advisories/32011 Third Party Advisory
http://secunia.com/advisories/32012 Third Party Advisory
http://secunia.com/advisories/32025 Third Party Advisory
http://secunia.com/advisories/32042 Third Party Advisory
http://secunia.com/advisories/32044 Third Party Advisory
http://secunia.com/advisories/32082 Third Party Advisory
http://secunia.com/advisories/32089 Third Party Advisory
http://secunia.com/advisories/32092 Third Party Advisory
http://secunia.com/advisories/32095 Third Party Advisory
http://secunia.com/advisories/32096 Third Party Advisory
http://secunia.com/advisories/32144 Third Party Advisory
http://secunia.com/advisories/32185 Third Party Advisory
http://secunia.com/advisories/32196 Third Party Advisory
http://secunia.com/advisories/32845 Third Party Advisory
http://secunia.com/advisories/33433 Third Party Advisory
http://secunia.com/advisories/33434 Third Party Advisory
http://secunia.com/advisories/34501 Third Party Advisory
http://www.securityfocus.com/bid/31346 Third Party Advisory
http://www.securitytracker.com/id?1020916 Third Party Advisory
http://www.vupen.com/english/advisories/2008/2661 Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45355 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10206 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html 2018-11-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422 2018-11-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232 2018-11-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123 2018-11-01
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 2018-11-01
http://www.debian.org/security/2008/dsa-1649 2018-11-01
http://www.debian.org/security/2008/dsa-1669 2018-11-01
http://www.debian.org/security/2009/dsa-1696 2018-11-01
http://www.debian.org/security/2009/dsa-1697 2018-11-01
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205 2018-11-01
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206 2018-11-01
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html 2018-11-01
http://www.redhat.com/support/errata/RHSA-2008-0879.html 2018-11-01
http://www.redhat.com/support/errata/RHSA-2008-0882.html 2018-11-01
http://www.redhat.com/support/errata/RHSA-2008-0908.html 2018-11-01
http://www.ubuntu.com/usn/usn-645-1 2018-11-01
http://www.ubuntu.com/usn/usn-645-2 2018-11-01
http://www.ubuntu.com/usn/usn-647-1 2018-11-01
https://bugzilla.mozilla.org/show_bug.cgi?id=367736 2018-11-01
https://bugzilla.mozilla.org/show_bug.cgi?id=444608 2018-11-01
https://bugzilla.mozilla.org/show_bug.cgi?id=445229 2018-11-01
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html 2018-11-01
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html 2018-11-01
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html 2018-11-01
https://access.redhat.com/security/cve/CVE-2008-4062 2008-10-01
https://bugzilla.redhat.com/show_bug.cgi?id=463201 2008-10-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 < 2.0.0.17
Search vendor "Mozilla" for product "Firefox" and version " < 2.0.0.17"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 3.0 < 3.0.2
Search vendor "Mozilla" for product "Firefox" and version " >= 3.0 < 3.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 < 1.1.12
Search vendor "Mozilla" for product "Seamonkey" and version " < 1.1.12"
-
Affected
Mozilla
Search vendor "Mozilla"
 Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
 < 2.0.0.17
Search vendor "Mozilla" for product "Thunderbird" and version " < 2.0.0.17"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected