Home > Vulnerability Database > CVE-2008-4062

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-4062

Date: September 24, 2008

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

Severity Score

9.8

Related Resources (57)

Url: http://secunia.com/advisories/32196

Url: http://secunia.com/advisories/31987

Url: http://secunia.com/advisories/31985

Url: http://secunia.com/advisories/31984

Url: http://www.securitytracker.com/id?1020916

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://secunia.com/advisories/32082

Url: http://www.redhat.com/support/errata/RHSA-2008-0882.html

Url: http://download.novell.com/Download?buildid=WZXONb-tqBw~

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32144

Url: http://secunia.com/advisories/33434

Url: http://secunia.com/advisories/32185

Url: http://www.redhat.com/support/errata/RHSA-2008-0879.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45355

Url: http://secunia.com/advisories/32025

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-42.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4062

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://www.ubuntu.com/usn/usn-645-1

Url: http://www.ubuntu.com/usn/usn-645-2

Url: https://access.redhat.com/security/cve/CVE-2008-4062

Url: http://www.ubuntu.com/usn/usn-647-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10206

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://secunia.com/advisories/32012

Url: http://secunia.com/advisories/32011

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32010

Url: http://secunia.com/advisories/32096

Url: http://secunia.com/advisories/32095

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=445229

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=444608

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0908.html

Url: http://www.vupen.com/english/advisories/2008/2661

Url: http://www.debian.org/security/2008/dsa-1649

Url: http://secunia.com/advisories/32089

Url: http://secunia.com/advisories/34501

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=367736

Url: http://secunia.com/advisories/32044

Url: http://secunia.com/advisories/32042

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4062

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Url: http://secunia.com/advisories/32845

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Url: http://secunia.com/advisories/32007

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Url: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Url: http://secunia.com/advisories/32092

Url: http://www.securityfocus.com/bid/31346

Url: https://www.mend.io/vulnerability-database/CVE-2008-4062

Severity Score

9.8

Weakness Type (CWE)

Resource Management Errors

CWE-399

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us