CVE-2008-2785

EUVD-2008-2778
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 2.0.0.15
mozillafirefox
2.0
mozillafirefox
2.0.0.1
mozillafirefox
2.0.0.2
mozillafirefox
2.0.0.3
mozillafirefox
2.0.0.4
mozillafirefox
2.0.0.5
mozillafirefox
2.0.0.6
mozillafirefox
2.0.0.7
mozillafirefox
2.0.0.8
mozillafirefox
2.0.0.9
mozillafirefox
2.0.0.10
mozillafirefox
2.0.0.11
mozillafirefox
2.0.0.12
mozillafirefox
2.0.0.13
mozillafirefox
2.0.0.14
mozillafirefox
3.0
mozillaseamonkey
𝑥
≤ 1.1.10
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillathunderbird
𝑥
≤ 2.0.0.14
mozillathunderbird
0.1
mozillathunderbird
0.2
mozillathunderbird
0.3
mozillathunderbird
0.4
mozillathunderbird
0.5
mozillathunderbird
0.6
mozillathunderbird
0.7
mozillathunderbird
0.8
mozillathunderbird
0.9
mozillathunderbird
1.0
mozillathunderbird
1.0.2
mozillathunderbird
1.0.5
mozillathunderbird
1.0.6
mozillathunderbird
1.0.7
mozillathunderbird
1.0.8
mozillathunderbird
1.5
mozillathunderbird
1.5.0.2
mozillathunderbird
1.5.0.4
mozillathunderbird
1.5.0.5
mozillathunderbird
1.5.0.7
mozillathunderbird
1.5.0.8
mozillathunderbird
1.5.0.9
mozillathunderbird
1.5.0.10
mozillathunderbird
1.5.0.12
mozillathunderbird
1.5.0.13
mozillathunderbird
1.5.0.14
mozillathunderbird
2.0.0.0
mozillathunderbird
2.0.0.4
mozillathunderbird
2.0.0.5
mozillathunderbird
2.0.0.6
mozillathunderbird
2.0.0.9
mozillathunderbird
2.0.0.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
Fixed 1.5.dfsg+1.5.0.15~prepatch080614d-0ubuntu1
released
feisty
Fixed 2.0.0.16+0nobinonly-0ubuntu0.7.4
released
gutsy
Fixed 2.0.0.16+1nobinonly-0ubuntu0.7.10
released
hardy
Fixed 2.0.0.16+1nobinonly-0ubuntu0.8.04.1
released
intrepid
dne
jaunty
dne
karmic
dne
lucid
Fixed 3.0.1+build1+nobinonly-0ubuntu0.8.04.2
released
maverick
Fixed 3.0.1+build1+nobinonly-0ubuntu0.8.04.2
released
natty
Fixed 3.0.1+build1+nobinonly-0ubuntu0.8.04.2
released
firefox-3.0
dapper
dne
feisty
dne
gutsy
ignored
hardy
Fixed 3.0.1+build1+nobinonly-0ubuntu0.8.04.2
released
intrepid
Fixed 3.0.1+build1+nobinonly-0ubuntu1
released
jaunty
Fixed 3.0.1+build1+nobinonly-0ubuntu1
released
karmic
dne
lucid
dne
maverick
dne
natty
dne
iceape
dapper
dne
feisty
dne
gutsy
ignored
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
iceweasel
dapper
dne
feisty
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
mozilla-thunderbird
dapper
Fixed 1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.6.06.1
released
feisty
Fixed 1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.7.04.1
released
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
seamonkey
dapper
dne
feisty
dne
gutsy
dne
hardy
Fixed 1.1.12+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 1.1.12+nobinonly-0ubuntu1
released
jaunty
Fixed 1.1.12+nobinonly-0ubuntu1
released
karmic
Fixed 1.1.12+nobinonly-0ubuntu1
released
lucid
Fixed 1.1.12+nobinonly-0ubuntu1
released
maverick
Fixed 1.1.12+nobinonly-0ubuntu1
released
natty
Fixed 1.1.12+nobinonly-0ubuntu1
released
thunderbird
dapper
dne
feisty
dne
gutsy
Fixed 2.0.0.16+nobinonly-0ubuntu0.7.10.1
released
hardy
Fixed 2.0.0.16+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 2.0.0.16+nobinonly-0ubuntu1
released
jaunty
Fixed 2.0.0.16+nobinonly-0ubuntu1
released
karmic
Fixed 2.0.0.16+nobinonly-0ubuntu1
released
lucid
Fixed 2.0.0.16+nobinonly-0ubuntu1
released
maverick
Fixed 2.0.0.16+nobinonly-0ubuntu1
released
natty
Fixed 2.0.0.16+nobinonly-0ubuntu1
released
xulrunner
dapper
dne
feisty
ignored
gutsy
Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
released
hardy
Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1
released
intrepid
Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1
released
jaunty
ignored
karmic
ignored
lucid
dne
maverick
dne
natty
dne
xulrunner-1.9
dapper
dne
feisty
dne
gutsy
ignored
hardy
Fixed 1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3
released
intrepid
Fixed 1.9.0.1+build1+nobinonly-0ubuntu1
released
jaunty
Fixed 1.9.0.1+build1+nobinonly-0ubuntu1
released
karmic
dne
lucid
dne
maverick
dne
natty
dne
Common Weakness Enumeration
References
http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/30761
http://secunia.com/advisories/31121
http://secunia.com/advisories/31122
http://secunia.com/advisories/31129
http://secunia.com/advisories/31144
http://secunia.com/advisories/31145
http://secunia.com/advisories/31154
http://secunia.com/advisories/31157
http://secunia.com/advisories/31176
http://secunia.com/advisories/31183
http://secunia.com/advisories/31195
http://secunia.com/advisories/31220
http://secunia.com/advisories/31253
http://secunia.com/advisories/31261
http://secunia.com/advisories/31270
http://secunia.com/advisories/31286
http://secunia.com/advisories/31306
http://secunia.com/advisories/31377
http://secunia.com/advisories/31403
http://secunia.com/advisories/33433
http://secunia.com/advisories/34501
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238
http://www.debian.org/security/2008/dsa-1614
http://www.debian.org/security/2008/dsa-1615
http://www.debian.org/security/2008/dsa-1621
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:148
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400
http://www.redhat.com/support/errata/RHSA-2008-0597.html
http://www.redhat.com/support/errata/RHSA-2008-0598.html
http://www.redhat.com/support/errata/RHSA-2008-0599.html
http://www.securityfocus.com/archive/1/494504/100/0/threaded
http://www.securityfocus.com/archive/1/494860/100/0/threaded
http://www.securityfocus.com/bid/29802
http://www.securitytracker.com/id?1020336
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974
http://www.ubuntu.com/usn/usn-623-1
http://www.ubuntu.com/usn/usn-626-1
http://www.ubuntu.com/usn/usn-626-2
http://www.ubuntu.com/usn/usn-629-1
http://www.vupen.com/english/advisories/2008/1873
http://www.vupen.com/english/advisories/2009/0977
http://www.zerodayinitiative.com/advisories/ZDI-08-044/
https://bugzilla.mozilla.org/show_bug.cgi?id=440230
https://exchange.xforce.ibmcloud.com/vulnerabilities/43167
https://issues.rpath.com/browse/RPL-2683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html
http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
http://rhn.redhat.com/errata/RHSA-2008-0616.html
http://secunia.com/advisories/30761
http://secunia.com/advisories/31121
http://secunia.com/advisories/31122
http://secunia.com/advisories/31129
http://secunia.com/advisories/31144
http://secunia.com/advisories/31145
http://secunia.com/advisories/31154
http://secunia.com/advisories/31157
http://secunia.com/advisories/31176
http://secunia.com/advisories/31183
http://secunia.com/advisories/31195
http://secunia.com/advisories/31220
http://secunia.com/advisories/31253
http://secunia.com/advisories/31261
http://secunia.com/advisories/31270
http://secunia.com/advisories/31286
http://secunia.com/advisories/31306
http://secunia.com/advisories/31377
http://secunia.com/advisories/31403
http://secunia.com/advisories/33433
http://secunia.com/advisories/34501
http://security.gentoo.org/glsa/glsa-200808-03.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238
http://www.debian.org/security/2008/dsa-1614
http://www.debian.org/security/2008/dsa-1615
http://www.debian.org/security/2008/dsa-1621
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:148
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400
http://www.redhat.com/support/errata/RHSA-2008-0597.html
http://www.redhat.com/support/errata/RHSA-2008-0598.html
http://www.redhat.com/support/errata/RHSA-2008-0599.html
http://www.securityfocus.com/archive/1/494504/100/0/threaded
http://www.securityfocus.com/archive/1/494860/100/0/threaded
http://www.securityfocus.com/bid/29802
http://www.securitytracker.com/id?1020336
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974
http://www.ubuntu.com/usn/usn-623-1
http://www.ubuntu.com/usn/usn-626-1
http://www.ubuntu.com/usn/usn-626-2
http://www.ubuntu.com/usn/usn-629-1
http://www.vupen.com/english/advisories/2008/1873
http://www.vupen.com/english/advisories/2009/0977
http://www.zerodayinitiative.com/advisories/ZDI-08-044/
https://bugzilla.mozilla.org/show_bug.cgi?id=440230
https://exchange.xforce.ibmcloud.com/vulnerabilities/43167
https://issues.rpath.com/browse/RPL-2683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html