CVE-2008-4062

Properties

Published:
23.09.2008
Updated:
28.01.2009
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird
mozilla: thunderbird

Vulnerability description

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

References:

FEDORA: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=445229
CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=444608
CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=367736
XF: http://xforce.iss.net/xforce/xfdb/45355
UBUNTU: http://www.ubuntu.com/usn/usn-647-1
UBUNTU: http://www.ubuntu.com/usn/usn-645-2
UBUNTU: http://www.ubuntu.com/usn/usn-645-1
SECTRACK: http://www.securitytracker.com/id?1020916
BID: http://www.securityfocus.com/bid/31346
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0908.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0882.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0879.html
CONFIRM: http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
FRSIRT: http://www.frsirt.com/english/advisories/2008/2661
DEBIAN: http://www.debian.org/security/2009/dsa-1697
DEBIAN: http://www.debian.org/security/2008/dsa-1669
SLACKWARE: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
SLACKWARE: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
SLACKWARE: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
SECUNIA: http://secunia.com/advisories/33433
SECUNIA: http://secunia.com/advisories/32845
SECUNIA: http://secunia.com/advisories/32144
SECUNIA: http://secunia.com/advisories/32096
SECUNIA: http://secunia.com/advisories/32095
SECUNIA: http://secunia.com/advisories/32092
SECUNIA: http://secunia.com/advisories/32089
SECUNIA: http://secunia.com/advisories/32082
SECUNIA: http://secunia.com/advisories/32044
SECUNIA: http://secunia.com/advisories/32042
SECUNIA: http://secunia.com/advisories/32025
SECUNIA: http://secunia.com/advisories/32012
SECUNIA: http://secunia.com/advisories/32011
SECUNIA: http://secunia.com/advisories/32010
SECUNIA: http://secunia.com/advisories/32007
SECUNIA: http://secunia.com/advisories/31987
SECUNIA: http://secunia.com/advisories/31985
SECUNIA: http://secunia.com/advisories/31984
SUSE: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
CONFIRM: http://download.novell.com/Download?buildid=WZXONb-tqBw~