CVE-2008-4069

Properties

Published:
23.09.2008
Updated:
28.01.2009
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Product:
mozilla: seamonkey
mozilla: firefox

Vulnerability description

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

References:

FEDORA: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=449703
XF: http://xforce.iss.net/xforce/xfdb/45361
UBUNTU: http://www.ubuntu.com/usn/usn-645-2
UBUNTU: http://www.ubuntu.com/usn/usn-645-1
SECTRACK: http://www.securitytracker.com/id?1020923
BID: http://www.securityfocus.com/bid/31346
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0882.html
CONFIRM: http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
FRSIRT: http://www.frsirt.com/english/advisories/2008/2661
DEBIAN: http://www.debian.org/security/2009/dsa-1697
DEBIAN: http://www.debian.org/security/2008/dsa-1669
MISC: http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt
SLACKWARE: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
SLACKWARE: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
SECUNIA: http://secunia.com/advisories/33433
SECUNIA: http://secunia.com/advisories/32845
SECUNIA: http://secunia.com/advisories/32144
SECUNIA: http://secunia.com/advisories/32044
SECUNIA: http://secunia.com/advisories/32042
SECUNIA: http://secunia.com/advisories/32012
SECUNIA: http://secunia.com/advisories/32010
SECUNIA: http://secunia.com/advisories/31985
SECUNIA: http://secunia.com/advisories/31984
SUSE: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
CONFIRM: http://download.novell.com/Download?buildid=WZXONb-tqBw~