CVE-2008-4063

24.09.2008, 20:37

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
mozilla	firefox	𝑥 ≤ 3.0.1
mozilla	firefox	3.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

natty	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
maverick	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
lucid	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
karmic	dne
jaunty	dne
intrepid	dne
hardy	Fixed 2.0.0.17+1nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.17+1nobinonly-0ubuntu0.7.10 released
feisty	Fixed 2.0.0.17+0nobinonly-0ubuntu0.7.4 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3 released

firefox-3.0

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 3.0.3+build1+nobinonly-0ubuntu1 released
intrepid	Fixed 3.0.3+build1+nobinonly-0ubuntu1 released
hardy	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
feisty	dne
dapper	dne

iceape

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	ignored
feisty	dne
dapper	dne

mozilla-thunderbird

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1 released
dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1 released

seamonkey

natty	Fixed 1.1.12+nobinonly-0ubuntu1 released
maverick	Fixed 1.1.12+nobinonly-0ubuntu1 released
lucid	Fixed 1.1.12+nobinonly-0ubuntu1 released
karmic	Fixed 1.1.12+nobinonly-0ubuntu1 released
jaunty	Fixed 1.1.12+nobinonly-0ubuntu1 released
intrepid	Fixed 1.1.12+nobinonly-0ubuntu1 released
hardy	Fixed 1.1.12+nobinonly-0ubuntu0.8.04.1 released
gutsy	dne
feisty	dne
dapper	dne

thunderbird

natty	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
maverick	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
lucid	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
karmic	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
jaunty	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
intrepid	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
hardy	Fixed 2.0.0.17+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.17+nobinonly-0ubuntu0.7.10.1 released
feisty	dne
dapper	dne

xulrunner

natty	dne
maverick	dne
lucid	dne
karmic	ignored
jaunty	ignored
intrepid	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
feisty	ignored
dapper	dne

xulrunner-1.9

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 1.9.0.3+build1+nobinonly-0ubuntu2 released
intrepid	Fixed 1.9.0.3+build1+nobinonly-0ubuntu2 released
hardy	Fixed 1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
feisty	dne
dapper	dne