CVE-2008-2785

Severity

93%

Complexity

86%

Confidentiality

165%

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 16 years ago

2008-06-19 21:41:00

Last updated 6 years ago

2018-10-11 20:42:00

Affected Software

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

Mozilla Firefox 2.0.0.5

2.0.0.5

Mozilla Firefox 2.0.0.6

2.0.0.6

Mozilla Firefox 2.0.0.7

2.0.0.7

Mozilla Firefox 2.0.0.8

2.0.0.8

Mozilla Firefox 2.0.0.9

2.0.0.9

Mozilla Firefox 2.0.0.10

2.0.0.10

Mozilla Firefox 2.0.0.11

2.0.0.11

Mozilla Firefox 2.0.0.12

2.0.0.12

Mozilla Firefox 2.0.0.13

2.0.0.13

Mozilla Firefox 2.0.0.14

2.0.0.14

Mozilla Firefox

Mozilla Firefox 3.0

3.0

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0 alpha

1.0

Mozilla SeaMonkey 1.0 beta

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla SeaMonkey 1.0.3

1.0.3

Mozilla SeaMonkey 1.0.4

1.0.4

Mozilla SeaMonkey 1.0.5

1.0.5

Mozilla SeaMonkey 1.0.6

1.0.6

Mozilla SeaMonkey 1.0.7

1.0.7

Mozilla SeaMonkey 1.0.8

1.0.8

Mozilla SeaMonkey 1.0.9

1.0.9

Mozilla SeaMonkey 1.1

1.1

Mozilla SeaMonkey 1.1 alpha

1.1

Mozilla SeaMonkey 1.1 beta

1.1

Mozilla Seamonkey 1.1.1

1.1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey 1.1.8

1.1.8

Mozilla SeaMonkey 1.1.9

1.1.9

Mozilla SeaMonkey

Mozilla Thunderbird 0.1

0.1

Mozilla Thunderbird 0.2

0.2

Mozilla Thunderbird 0.3

0.3

Mozilla Thunderbird 0.4

0.4

Mozilla Thunderbird 0.5

0.5

Mozilla Thunderbird 0.6

0.6

Mozilla Thunderbird 0.7

0.7

Mozilla Thunderbird 0.8

0.8

Mozilla Thunderbird 0.9

0.9

Mozilla Thunderbird 1.0

1.0

Mozilla Thunderbird 1.0.2

1.0.2

Mozilla Thunderbird 1.0.5

1.0.5

Mozilla Thunderbird 1.0.6

1.0.6

Mozilla Thunderbird 1.0.7

1.0.7

Mozilla Thunderbird 1.0.8

1.0.8

Mozilla Thunderbird 1.5

1.5

Mozilla Thunderbird 1.5.0.2

1.5.0.2

Mozilla Thunderbird 1.5.0.4

1.5.0.4

Mozilla Thunderbird 1.5.0.5

1.5.0.5

Mozilla Thunderbird 1.5.0.7

1.5.0.7

Mozilla Thunderbird 1.5.0.8

1.5.0.8

Mozilla Thunderbird 1.5.0.9

1.5.0.9

Mozilla Thunderbird 1.5.0.10

1.5.0.10

Mozilla Thunderbird 1.5.0.12

1.5.0.12

Mozilla Thunderbird 1.5.0.13

1.5.0.13

Mozilla Thunderbird 1.5.0.14

1.5.0.14

Mozilla Thunderbird 2.0.0.0

2.0.0.0

Mozilla Thunderbird 2.0.0.4

2.0.0.4

Mozilla Thunderbird 2.0.0.5

2.0.0.5

Mozilla Thunderbird 2.0.0.6

2.0.0.6

Mozilla Thunderbird 2.0.0.9

2.0.0.9

Mozilla Thunderbird 2.0.0.12

2.0.0.12

Mozilla Thunderbird

References

http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/

http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30

RHSA-2008:0616

30761

Vendor Advisory

31121

31122

Vendor Advisory

31129

Vendor Advisory

31144

31145

Vendor Advisory

31154

Vendor Advisory

31157

Vendor Advisory

31176

Vendor Advisory

31183

Vendor Advisory

31195

Vendor Advisory

31220

Vendor Advisory

31253

Vendor Advisory

31261

Vendor Advisory

31270

Vendor Advisory

31286

Vendor Advisory

31306

Vendor Advisory

31377

Vendor Advisory

31403

Vendor Advisory

33433

34501

GLSA-200808-03

SSA:2008-210-05

256408

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238

DSA-1614

DSA-1615

DSA-1621

DSA-1697

MDVSA-2008:148

MDVSA-2008:155

http://www.mozilla.org/security/announce/2008/mfsa2008-34.html

Patch, Vendor Advisory

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400

RHSA-2008:0597

RHSA-2008:0598

RHSA-2008:0599

20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability

20080729 rPSA-2008-0238-1 firefox

29802

1020336

SSA:2008-198-02

SSA:2008-198-01

USN-623-1

USN-626-1

USN-626-2

USN-629-1

ADV-2008-1873

ADV-2009-0977

http://www.zerodayinitiative.com/advisories/ZDI-08-044/

https://bugzilla.mozilla.org/show_bug.cgi?id=440230

firefox-unspecified-code-execution(43167)

https://issues.rpath.com/browse/RPL-2683

oval:org.mitre.oval:def:9900

FEDORA-2008-6737

FEDORA-2008-6706

FEDORA-2008-6517

FEDORA-2008-6519

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.