Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-5500

Опубликовано: 17 дек. 2008
Источник: nvd
CVSS2: 10
EPSS Низкий

Описание

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.

Комментарий

Per http://www.mozilla.org/security/announce/2008/mfsa2008-60.html

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Версия от 2.0 (включая) до 2.0.0.19 (исключая)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Версия от 3.0 (включая) до 3.0.5 (исключая)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Версия от 1.0 (включая) до 1.1.14 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия от 2.0 (включая) до 2.0.0.19 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03551
Низкий

10 Critical

CVSS2

Дефекты

CWE-399

Связанные уязвимости

ubuntu логотип

CVE-2008-5500

ubuntu
больше 16 лет назад

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.

redhat логотип

CVE-2008-5500

redhat
больше 16 лет назад

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.

debian логотип

CVE-2008-5500

debian
больше 16 лет назад

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2 ...

github логотип

GHSA-6h85-mxrc-rvwx

github
около 3 лет назад

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.

oracle-oval логотип

ELSA-2008-1036

oracle-oval
больше 16 лет назад

ELSA-2008-1036: firefox security update (CRITICAL)

EPSS

Процентиль: 87%
0.03551
Низкий

10 Critical

CVSS2

Дефекты

CWE-399