CVE-2008-5502
JavaScript engine crash - Firefox 3 only
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.
El motor de diseño en Mozilla Firefox 3.x antes de v3.0.5, Thunderbird 2.x antes de v2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores que disparan una corrupción de memoria, relacionada con las funciones GetXMLEntity y FastAppendChar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-12-12 CVE Reserved
- 2008-12-17 CVE Published
- 2024-04-15 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (21)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/33188 | Third Party Advisory | |
http://secunia.com/advisories/33189 | Third Party Advisory | |
http://secunia.com/advisories/33203 | Third Party Advisory | |
http://secunia.com/advisories/33216 | Third Party Advisory | |
http://secunia.com/advisories/33421 | Third Party Advisory | |
http://secunia.com/advisories/34501 | Third Party Advisory | |
http://www.securityfocus.com/bid/32882 | Third Party Advisory | |
http://www.securitytracker.com/id?1021417 | Third Party Advisory | |
http://www.vupen.com/english/advisories/2009/0977 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/47408 | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10001 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | >= 2.0 < 2.0.0.19 Search vendor "Mozilla" for product "Firefox" and version " >= 2.0 < 2.0.0.19" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | >= 3.0 < 3.0.5 Search vendor "Mozilla" for product "Firefox" and version " >= 3.0 < 3.0.5" | - |
Affected
| ||||||
Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | >= 1.0 < 1.1.14 Search vendor "Mozilla" for product "Seamonkey" and version " >= 1.0 < 1.1.14" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10" | - |
Affected
|