9.3

CVE-2008-2785

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.15
MozillaFirefox Version2.0
MozillaFirefox Version2.0.0.1
MozillaFirefox Version2.0.0.2
MozillaFirefox Version2.0.0.3
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaFirefox Version2.0.0.7
MozillaFirefox Version2.0.0.8
MozillaFirefox Version2.0.0.9
MozillaFirefox Version2.0.0.10
MozillaFirefox Version2.0.0.11
MozillaFirefox Version2.0.0.12
MozillaFirefox Version2.0.0.13
MozillaFirefox Version2.0.0.14
MozillaFirefox Version3.0
MozillaSeamonkey Version <= 1.1.10
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Updatealpha
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.5
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.7
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1 Updatealpha
MozillaSeamonkey Version1.1 Updatebeta
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.2
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.4
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
MozillaSeamonkey Version1.1.9
MozillaThunderbird Version <= 2.0.0.14
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.5
MozillaThunderbird Version1.5.0.7
MozillaThunderbird Version1.5.0.8
MozillaThunderbird Version1.5.0.9
MozillaThunderbird Version1.5.0.10
MozillaThunderbird Version1.5.0.12
MozillaThunderbird Version1.5.0.13
MozillaThunderbird Version1.5.0.14
MozillaThunderbird Version2.0.0.0
MozillaThunderbird Version2.0.0.4
MozillaThunderbird Version2.0.0.5
MozillaThunderbird Version2.0.0.6
MozillaThunderbird Version2.0.0.9
MozillaThunderbird Version2.0.0.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.28% 0.915
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/31253
Vendor Advisory
http://secunia.com/advisories/33433
http://www.debian.org/security/2008/dsa-1621
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
http://secunia.com/advisories/31377
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/30761
Vendor Advisory
http://secunia.com/advisories/31121
http://secunia.com/advisories/31122
Vendor Advisory
http://secunia.com/advisories/31129
Vendor Advisory
http://secunia.com/advisories/31144
http://secunia.com/advisories/31145
Vendor Advisory
http://secunia.com/advisories/31154
Vendor Advisory
http://secunia.com/advisories/31157
Vendor Advisory
http://secunia.com/advisories/31176
Vendor Advisory
http://secunia.com/advisories/31183
Vendor Advisory
http://secunia.com/advisories/31195
Vendor Advisory
http://secunia.com/advisories/31220
Vendor Advisory
http://secunia.com/advisories/31261
Vendor Advisory
http://secunia.com/advisories/31270
Vendor Advisory
http://secunia.com/advisories/31286
Vendor Advisory
http://secunia.com/advisories/31306
Vendor Advisory
http://secunia.com/advisories/31403
Vendor Advisory
http://secunia.com/advisories/34501
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238
http://www.debian.org/security/2008/dsa-1614
http://www.debian.org/security/2008/dsa-1615
http://www.mandriva.com/security/advisories?name=MDVSA-2008:148
http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
Patch
Vendor Advisory
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400
http://www.redhat.com/support/errata/RHSA-2008-0597.html
http://www.redhat.com/support/errata/RHSA-2008-0598.html
http://www.redhat.com/support/errata/RHSA-2008-0599.html
http://www.securityfocus.com/archive/1/494504/100/0/threaded
http://www.securityfocus.com/archive/1/494860/100/0/threaded
http://www.securityfocus.com/bid/29802
http://www.securitytracker.com/id?1020336
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974
http://www.ubuntu.com/usn/usn-623-1
http://www.ubuntu.com/usn/usn-626-1
http://www.ubuntu.com/usn/usn-626-2
http://www.ubuntu.com/usn/usn-629-1
http://www.vupen.com/english/advisories/2008/1873
http://www.vupen.com/english/advisories/2009/0977
http://www.zerodayinitiative.com/advisories/ZDI-08-044/
https://bugzilla.mozilla.org/show_bug.cgi?id=440230
https://exchange.xforce.ibmcloud.com/vulnerabilities/43167
https://issues.rpath.com/browse/RPL-2683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html