// For flags

CVE-2008-4064

Mozilla crashes with evidence of memory corruption

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

Múltiples vulnerabilidades no especificadas en Firefox de Mozilla 3.x antes de 3.0.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con renderizado de gráficos y (1) manipulado de una caja de mensaje de alerta larga en la función cairo_surface_set_device_offset, (2) desbordamientos de entero cuando se manipulan datos PNG animados en la función info_callback en nsPNGDecoder.cpp, y (3) un desbordamiento de entero cuando se manipulan datos SVG en la función nsSVGFEGaussianBlurElement::SetupPredivide en nsSVGFilters.cpp.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-09-12 CVE Reserved
  • 2008-09-24 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-02-26 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (32)
URL Tag Source
http://secunia.com/advisories/31987 Third Party Advisory
http://secunia.com/advisories/32011 Third Party Advisory
http://secunia.com/advisories/32012 Third Party Advisory
http://secunia.com/advisories/32025 Third Party Advisory
http://secunia.com/advisories/32044 Third Party Advisory
http://secunia.com/advisories/32082 Third Party Advisory
http://secunia.com/advisories/32089 Third Party Advisory
http://secunia.com/advisories/32095 Third Party Advisory
http://secunia.com/advisories/32096 Third Party Advisory
http://secunia.com/advisories/32196 Third Party Advisory
http://secunia.com/advisories/34501 Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html X_refsource_confirm
http://www.securityfocus.com/bid/31346 Vdb Entry
http://www.securitytracker.com/id?1020916 Vdb Entry
http://www.vupen.com/english/advisories/2008/2661 Vdb Entry
http://www.vupen.com/english/advisories/2009/0977 Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=441368 X_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=441995 X_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=443693 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/45357 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11743 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html 2017-09-29
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422 2017-09-29
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123 2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0879.html 2017-09-29
http://www.ubuntu.com/usn/usn-645-1 2017-09-29
http://www.ubuntu.com/usn/usn-645-2 2017-09-29
http://www.ubuntu.com/usn/usn-647-1 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html 2017-09-29
https://access.redhat.com/security/cve/CVE-2008-4064 2008-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=463204 2008-09-24
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 <= 3.0.1
Search vendor "Mozilla" for product "Firefox" and version " <= 3.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.0
Search vendor "Mozilla" for product "Firefox" and version "3.0"
-
Affected