CVE-2008-0412

08.02.2008, 22:00

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 2.0.0.11
mozilla	seamonkey	𝑥 ≤ 1.1.7
mozilla	thunderbird	𝑥 ≤ 2.0.0.11

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

intrepid	dne
hardy	Fixed 2.0.0.12+2nobinonly+2-0ubuntu3 released
gutsy	Fixed 2.0.0.12+2nobinonly+2-0ubuntu0.7.10 released
feisty	Fixed 2.0.0.12+1nobinonly+2-0ubuntu0.7.4 released
edgy	Fixed 2.0.0.12+0nobinonly+2-0ubuntu0.6.10 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1 released

iceape

intrepid	dne
hardy	dne
gutsy	ignored
feisty	dne
edgy	dne
dapper	dne

icedove

intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

iceweasel

intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

mozilla-thunderbird

intrepid	dne
hardy	dne
gutsy	dne
feisty	Fixed 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0 released
edgy	Fixed 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0 released
dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0 released

seamonkey

intrepid	not-affected
hardy	not-affected
gutsy	dne
feisty	dne
edgy	dne
dapper	dne

thunderbird

intrepid	Fixed 2.0.0.12+nobinonly-0ubuntu1 released
hardy	Fixed 2.0.0.12+nobinonly-0ubuntu1 released
gutsy	Fixed 2.0.0.12+nobinonly-0ubuntu0.7.10.0 released
feisty	dne
edgy	dne
dapper	dne

xulrunner

intrepid	Fixed 1.8.1.13+nobinonly-0ubuntu1 released
hardy	Fixed 1.8.1.13+nobinonly-0ubuntu1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
feisty	ignored
edgy	ignored
dapper	dne

Common Weakness Enumeration

CWE-399 -

References

http://browser.netscape.com/releasenotes/

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

http://secunia.com/advisories/28754

http://secunia.com/advisories/28758

http://secunia.com/advisories/28766

http://secunia.com/advisories/28808

http://secunia.com/advisories/28815

http://secunia.com/advisories/28818

http://secunia.com/advisories/28839

http://secunia.com/advisories/28864

http://secunia.com/advisories/28865

http://secunia.com/advisories/28877

http://secunia.com/advisories/28879

http://secunia.com/advisories/28924

http://secunia.com/advisories/28939

http://secunia.com/advisories/28958

http://secunia.com/advisories/29049

http://secunia.com/advisories/29086

http://secunia.com/advisories/29098

http://secunia.com/advisories/29164

http://secunia.com/advisories/29167

http://secunia.com/advisories/29211

http://secunia.com/advisories/29567

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://secunia.com/advisories/31043

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

http://wiki.rpath.com/Advisories:rPSA-2008-0051

http://wiki.rpath.com/Advisories:rPSA-2008-0093

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

http://www.debian.org/security/2008/dsa-1484

http://www.debian.org/security/2008/dsa-1485

http://www.debian.org/security/2008/dsa-1489

http://www.debian.org/security/2008/dsa-1506

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

http://www.mandriva.com/security/advisories?name=MDVSA-2008:062

http://www.mozilla.org/security/announce/2008/mfsa2008-01.html

http://www.redhat.com/support/errata/RHSA-2008-0103.html

http://www.redhat.com/support/errata/RHSA-2008-0104.html

http://www.redhat.com/support/errata/RHSA-2008-0105.html

http://www.securityfocus.com/archive/1/487826/100/0/threaded

http://www.securityfocus.com/archive/1/488002/100/0/threaded

http://www.securityfocus.com/archive/1/488971/100/0/threaded

http://www.securityfocus.com/bid/27683

http://www.securitytracker.com/id?1019320

http://www.ubuntu.com/usn/usn-576-1

http://www.ubuntu.com/usn/usn-582-1

http://www.ubuntu.com/usn/usn-582-2

http://www.vupen.com/english/advisories/2008/0453/references

http://www.vupen.com/english/advisories/2008/0454/references

http://www.vupen.com/english/advisories/2008/0627/references

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/2091/references

https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088%2C393141%2C364801%2C346405%2C396613%2C394337%2C406290

https://issues.rpath.com/browse/RPL-1995

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10573

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

http://browser.netscape.com/releasenotes/

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html

http://secunia.com/advisories/28754

http://secunia.com/advisories/28758

http://secunia.com/advisories/28766

http://secunia.com/advisories/28808

http://secunia.com/advisories/28815

http://secunia.com/advisories/28818

http://secunia.com/advisories/28839

http://secunia.com/advisories/28864

http://secunia.com/advisories/28865

http://secunia.com/advisories/28877

http://secunia.com/advisories/28879

http://secunia.com/advisories/28924

http://secunia.com/advisories/28939

http://secunia.com/advisories/28958

http://secunia.com/advisories/29049

http://secunia.com/advisories/29086

http://secunia.com/advisories/29098

http://secunia.com/advisories/29164

http://secunia.com/advisories/29167

http://secunia.com/advisories/29211

http://secunia.com/advisories/29567

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://secunia.com/advisories/31043

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1

http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

http://wiki.rpath.com/Advisories:rPSA-2008-0051

http://wiki.rpath.com/Advisories:rPSA-2008-0093

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

http://www.debian.org/security/2008/dsa-1484

http://www.debian.org/security/2008/dsa-1485

http://www.debian.org/security/2008/dsa-1489

http://www.debian.org/security/2008/dsa-1506

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

http://www.mandriva.com/security/advisories?name=MDVSA-2008:062

http://www.mozilla.org/security/announce/2008/mfsa2008-01.html

http://www.redhat.com/support/errata/RHSA-2008-0103.html

http://www.redhat.com/support/errata/RHSA-2008-0104.html

http://www.redhat.com/support/errata/RHSA-2008-0105.html

http://www.securityfocus.com/archive/1/487826/100/0/threaded

http://www.securityfocus.com/archive/1/488002/100/0/threaded

http://www.securityfocus.com/archive/1/488971/100/0/threaded

http://www.securityfocus.com/bid/27683

http://www.securitytracker.com/id?1019320

http://www.ubuntu.com/usn/usn-576-1

http://www.ubuntu.com/usn/usn-582-1

http://www.ubuntu.com/usn/usn-582-2

http://www.vupen.com/english/advisories/2008/0453/references

http://www.vupen.com/english/advisories/2008/0454/references

http://www.vupen.com/english/advisories/2008/0627/references

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/2091/references

https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088%2C393141%2C364801%2C346405%2C396613%2C394337%2C406290

https://issues.rpath.com/browse/RPL-1995

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10573

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html