Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-4062

Disclosure Date: September 24, 2008 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Products

References

Canonical

CVE-2008-4062 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062)

BID-31346 (http://www.securityfocus.com/bid/31346)

Advisory

SECUNIA-32025 (http://secunia.com/advisories/32025)

SECUNIA-32011 (http://secunia.com/advisories/32011)

DSA-1697 (http://www.debian.org/security/2009/dsa-1697)

SECTRACK-1020916 (http://www.securitytracker.com/id?1020916)

SECUNIA-32096 (http://secunia.com/advisories/32096)

FEDORA-2008-8401 (https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html)

http://www.mozilla.org/security/announce/2008/mfsa2008-42.html

USN-645-1 (http://www.ubuntu.com/usn/usn-645-1)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

XF-multiple-mozilla-javascript-code-execution(45355) (https://exchange.xforce.ibmcloud.com/vulnerabilities/45355)

SECUNIA-32144 (http://secunia.com/advisories/32144)

SECUNIA-32010 (http://secunia.com/advisories/32010)

ADV-2009-0977 (http://www.vupen.com/english/advisories/2009/0977)

USN-645-2 (http://www.ubuntu.com/usn/usn-645-2)

SECUNIA-31985 (http://secunia.com/advisories/31985)

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

SECUNIA-31984 (http://secunia.com/advisories/31984)

SECUNIA-32185 (http://secunia.com/advisories/32185)

SECUNIA-32196 (http://secunia.com/advisories/32196)

https://bugzilla.mozilla.org/show_bug.cgi?id=367736

FEDORA-2008-8425 (https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html)

DSA-1669 (http://www.debian.org/security/2008/dsa-1669)

SECUNIA-32042 (http://secunia.com/advisories/32042)

https://bugzilla.mozilla.org/show_bug.cgi?id=444608

SECUNIA-33433 (http://secunia.com/advisories/33433)

ADV-2008-2661 (http://www.vupen.com/english/advisories/2008/2661)

SECUNIA-32095 (http://secunia.com/advisories/32095)

SECUNIA-32089 (http://secunia.com/advisories/32089)

SUNALERT-256408 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1)

SECUNIA-32092 (http://secunia.com/advisories/32092)

http://www.redhat.com/support/errata/RHSA-2008-0879.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

DSA-1696 (http://www.debian.org/security/2009/dsa-1696)

http://download.novell.com/Download?buildid=WZXONb-tqBw~

FEDORA-2008-8429 (https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html)

SECUNIA-31987 (http://secunia.com/advisories/31987)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10206

USN-647-1 (http://www.ubuntu.com/usn/usn-647-1)

SECUNIA-32007 (http://secunia.com/advisories/32007)

http://www.redhat.com/support/errata/RHSA-2008-0882.html

SECUNIA-32845 (http://secunia.com/advisories/32845)

DSA-1649 (http://www.debian.org/security/2008/dsa-1649)

SECUNIA-32012 (http://secunia.com/advisories/32012)

SECUNIA-33434 (http://secunia.com/advisories/33434)

SECUNIA-32044 (http://secunia.com/advisories/32044)

http://www.redhat.com/support/errata/RHSA-2008-0908.html

SECUNIA-34501 (http://secunia.com/advisories/34501)

SECUNIA-32082 (http://secunia.com/advisories/32082)

https://bugzilla.mozilla.org/show_bug.cgi?id=445229

Miscellaneous

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Rapid7

Technical Analysis