CVE-2008-2811

Severity

99%

Complexity

99%

Confidentiality

165%

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 16 years ago

2008-07-07 23:41:00

Last updated 6 years ago

2018-10-11 20:44:00

Affected Software

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

Mozilla Firefox 2.0.0.5

2.0.0.5

Mozilla Firefox 2.0.0.6

2.0.0.6

Mozilla Firefox 2.0.0.7

2.0.0.7

Mozilla Firefox 2.0.0.8

2.0.0.8

Mozilla Firefox 2.0.0.9

2.0.0.9

Mozilla Firefox 2.0.0.10

2.0.0.10

Mozilla Firefox 2.0.0.11

2.0.0.11

Mozilla Firefox 2.0.0.12

2.0.0.12

Mozilla Firefox 2.0.0.13

2.0.0.13

Mozilla Firefox

Mozilla SeaMonkey 1.1

1.1

Mozilla Seamonkey 1.1.2

1.1.2

Mozilla Seamonkey 1.1.3

1.1.3

Mozilla Seamonkey 1.1.4

1.1.4

Mozilla Seamonkey 1.1.5

1.1.5

Mozilla Seamonkey 1.1.6

1.1.6

Mozilla Seamonkey 1.1.7

1.1.7

Mozilla SeaMonkey 1.1.8

1.1.8

Mozilla SeaMonkey

Mozilla Thunderbird 2.0.0.0

2.0.0.0

Mozilla Thunderbird 2.0.0.4

2.0.0.4

Mozilla Thunderbird 2.0.0.5

2.0.0.5

Mozilla Thunderbird 2.0.0.6

2.0.0.6

Mozilla Thunderbird 2.0.0.9

2.0.0.9

Mozilla Thunderbird 2.0.0.12

2.0.0.12

Mozilla Thunderbird

References

SUSE-SA:2008:034

RHSA-2008:0616

30878

30898

30903

30911

Vendor Advisory

30915

30949

31005

31008

31021

31023

31069

31076

31183

31195

31220

31253

31286

31377

31403

33433

34501

GLSA-200808-03

SSA:2008-191-03

SSA:2008-191

SSA:2008-210-05

256408

http://wiki.rpath.com/Advisories:rPSA-2008-0216

DSA-1607

DSA-1615

DSA-1621

DSA-1697

VU#607267

US Government Resource

MDVSA-2008:136

MDVSA-2008:155

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

http://www.mozilla.org/security/announce/2008/mfsa2008-33.html

RHSA-2008:0547

RHSA-2008:0549

RHSA-2008:0569

20080708 rPSA-2008-0216-1 firefox

30038

1020419

USN-619-1

USN-629-1

ADV-2008-1993

ADV-2009-0977

https://bugzilla.mozilla.org/show_bug.cgi?id=439735

https://issues.rpath.com/browse/RPL-2646

oval:org.mitre.oval:def:9865

FEDORA-2008-6737

FEDORA-2008-6706

FEDORA-2008-6127

FEDORA-2008-6193

FEDORA-2008-6196

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.