CVE-2008-4064

24.09.2008, 20:37

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 3.0.1
mozilla	firefox	3.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

natty	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
maverick	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
lucid	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
karmic	dne
jaunty	dne
intrepid	dne
hardy	Fixed 2.0.0.17+1nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.17+1nobinonly-0ubuntu0.7.10 released
feisty	Fixed 2.0.0.17+0nobinonly-0ubuntu0.7.4 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3 released

firefox-3.0

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 3.0.3+build1+nobinonly-0ubuntu1 released
intrepid	Fixed 3.0.3+build1+nobinonly-0ubuntu1 released
hardy	Fixed 3.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
feisty	dne
dapper	dne

iceape

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	ignored
feisty	dne
dapper	dne

mozilla-thunderbird

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1 released
dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1 released

seamonkey

natty	Fixed 1.1.12+nobinonly-0ubuntu1 released
maverick	Fixed 1.1.12+nobinonly-0ubuntu1 released
lucid	Fixed 1.1.12+nobinonly-0ubuntu1 released
karmic	Fixed 1.1.12+nobinonly-0ubuntu1 released
jaunty	Fixed 1.1.12+nobinonly-0ubuntu1 released
intrepid	Fixed 1.1.12+nobinonly-0ubuntu1 released
hardy	Fixed 1.1.12+nobinonly-0ubuntu0.8.04.1 released
gutsy	dne
feisty	dne
dapper	dne

thunderbird

natty	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
maverick	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
lucid	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
karmic	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
jaunty	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
intrepid	Fixed 2.0.0.17+nobinonly-0ubuntu1 released
hardy	Fixed 2.0.0.17+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.17+nobinonly-0ubuntu0.7.10.1 released
feisty	dne
dapper	dne

xulrunner

natty	dne
maverick	dne
lucid	dne
karmic	ignored
jaunty	ignored
intrepid	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
feisty	ignored
dapper	dne

xulrunner-1.9

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 1.9.0.3+build1+nobinonly-0ubuntu2 released
intrepid	Fixed 1.9.0.3+build1+nobinonly-0ubuntu2 released
hardy	Fixed 1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
feisty	dne
dapper	dne