Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2008-4064

Published: 24/09/2008 Updated: 29/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Mozilla

Vulnerability Summary

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x prior to 3.0.2 allow remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox 3.0

Vendor Advisories

Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An updated firefox package that fixes various security issues is nowavailable for Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team ...
Ubuntu Security Notice: firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code (CVE-2008-0016) ...
Ubuntu Security Notice: mozilla-thunderbird, thunderbird vulnerabilities
It was discovered that the same-origin check in Thunderbird could be bypassed If a user had JavaScript enabled and were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website (CVE-2008-3835) ...
Ubuntu Security Notice: firefox-3.0, xulrunner-1.9 regression
USN-645-1 fixed vulnerabilities in Firefox and xulrunner The upstream patches introduced a regression in the saved password handling While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database This update fixes the problem ...
Ubuntu Security Notice: firefox vulnerabilities
USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 704, 710 and 804 LTS This provides the corresponding update for Ubuntu 606 LTS ...
Mozilla: Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
Mozilla Foundation Security Advisory 2008-42 Crashes with evidence of memory corruption (rv:1902/18117) Announced September 23, 2008 Reporter Mozilla developers and community Impact Critical Products Firefox, SeaMonkey, ...

References

CWE-399NVD-CWE-noinfohttps://bugzilla.mozilla.org/show_bug.cgi?id=441995https://bugzilla.mozilla.org/show_bug.cgi?id=443693http://www.mozilla.org/security/announce/2008/mfsa2008-42.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=441368http://secunia.com/advisories/32025http://www.ubuntu.com/usn/usn-647-1http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.htmlhttp://secunia.com/advisories/32089http://secunia.com/advisories/32044http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123http://secunia.com/advisories/32082http://secunia.com/advisories/32095http://secunia.com/advisories/32096https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.htmlhttp://www.ubuntu.com/usn/usn-645-2http://secunia.com/advisories/32011http://www.securitytracker.com/id?1020916http://www.redhat.com/support/errata/RHSA-2008-0879.htmlhttp://www.ubuntu.com/usn/usn-645-1http://www.securityfocus.com/bid/31346http://secunia.com/advisories/31987http://secunia.com/advisories/32012http://secunia.com/advisories/34501http://www.vupen.com/english/advisories/2009/0977http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1http://www.vupen.com/english/advisories/2008/2661http://secunia.com/advisories/32196https://exchange.xforce.ibmcloud.com/vulnerabilities/45357https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11743https://access.redhat.com/errata/RHSA-2008:0879https://nvd.nist.govhttps://usn.ubuntu.com/645-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook