CVE-2008-0412

Severity

93%

Complexity

86%

Confidentiality

165%

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 17 years ago

2008-02-08 22:00:00

Last updated 6 years ago

2018-10-15 21:59:00

Affected Software

Mozilla Firefox

Mozilla SeaMonkey

Mozilla Thunderbird

References

http://browser.netscape.com/releasenotes/

SUSE-SA:2008:008

28754

Vendor Advisory

28758

Vendor Advisory

28766

Vendor Advisory

28808

Vendor Advisory

28815

Vendor Advisory

28818

Vendor Advisory

28839

Vendor Advisory

28864

Vendor Advisory

28865

Vendor Advisory

28877

Vendor Advisory

28879

Vendor Advisory

28924

28939

28958

Vendor Advisory

29049

Vendor Advisory

29086

29098

29164

29167

29211

29567

30327

30620

31043

SSA:2008-061-01

238492

239546

http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

http://wiki.rpath.com/Advisories:rPSA-2008-0051

http://wiki.rpath.com/Advisories:rPSA-2008-0093

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

DSA-1484

DSA-1485

DSA-1489

DSA-1506

GLSA-200805-18

MDVSA-2008:048

MDVSA-2008:062

http://www.mozilla.org/security/announce/2008/mfsa2008-01.html

RHSA-2008:0103

RHSA-2008:0104

RHSA-2008:0105

20080209 rPSA-2008-0051-1 firefox

20080212 FLEA-2008-0001-1 firefox

20080229 rPSA-2008-0093-1 thunderbird

27683

1019320

USN-576-1

USN-582-1

USN-582-2

ADV-2008-0453

ADV-2008-0454

ADV-2008-0627

ADV-2008-1793

ADV-2008-2091

https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088,393141,364801,346405,396613,394337,406290

https://issues.rpath.com/browse/RPL-1995

oval:org.mitre.oval:def:10573

FEDORA-2008-1435

FEDORA-2008-1459

FEDORA-2008-1535

FEDORA-2008-2060

FEDORA-2008-2118

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.