CVE-2008-4063

2008-09-2420:37:04

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.111

Percentile

95.2%

JSON

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the “this” variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the “g” character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch6.06-lts

canonicalubuntu_linuxMatch7.04

canonicalubuntu_linuxMatch7.10

canonicalubuntu_linuxMatch8.04-lts

Node

mozillafirefoxRange≤3.0.1

mozillafirefoxMatch3.0

VendorProductVersionCPE
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:-:lts:*:*:*:*:*
canonicalubuntu_linux7.04cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
canonicalubuntu_linux7.10cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox3.0cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:-:lts:::::*
canonical	ubuntu_linux	7.04	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
canonical	ubuntu_linux	7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:::::*
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	3.0	cpe:2.3:a:mozilla:firefox:3.0:::::::*