Lucene search

RedhatCVE-2008-4064

HistorySep 24, 2008 - 8:37 p.m.

CVE-2008-4064

2008-09-2420:37:04

CWE-399

redhat

web.nvd.nist.gov

cve-2008-4064

mozilla firefox

3.x

denial of service

memory corruption

arbitrary code

graphics rendering

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.394

Percentile

97.3%

JSON

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

Affected configurations

Nvd

Node

mozillafirefoxRange≤3.0.1

mozillafirefoxMatch3.0

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	3.0	cpe:2.3:a:mozilla:firefox:3.0:::::::*

References

lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

secunia.com/advisories/31987

secunia.com/advisories/32011

secunia.com/advisories/32012

secunia.com/advisories/32025

secunia.com/advisories/32044

secunia.com/advisories/32082

secunia.com/advisories/32089

secunia.com/advisories/32095

secunia.com/advisories/32096

secunia.com/advisories/32196

secunia.com/advisories/34501

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

www.mozilla.org/security/announce/2008/mfsa2008-42.html

www.redhat.com/support/errata/RHSA-2008-0879.html

www.securityfocus.com/bid/31346

www.securitytracker.com/id?1020916

www.ubuntu.com/usn/usn-645-1

www.ubuntu.com/usn/usn-645-2

www.ubuntu.com/usn/usn-647-1

www.vupen.com/english/advisories/2008/2661

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=441368

bugzilla.mozilla.org/show_bug.cgi?id=441995

bugzilla.mozilla.org/show_bug.cgi?id=443693

exchange.xforce.ibmcloud.com/vulnerabilities/45357

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11743

www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.394

Percentile

97.3%

JSON

Related for CVE-2008-4064