CVE-2008-4061

Severity

99%

Complexity

99%

Confidentiality

165%

NOTE: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.

NOTE: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 16 years ago

2008-09-24 20:37:00

Last updated 6 years ago

2018-11-01 16:23:00

Affected Software

Mozilla Firefox

Mozilla SeaMonkey

Mozilla Thunderbird

Debian GNU/Linux 4.0

4.0

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 7.04

7.04

Canonical Ubuntu Linux 7.10

7.10

Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)

8.04

References

http://download.novell.com/Download?buildid=WZXONb-tqBw~

Third Party Advisory

SUSE-SA:2008:050

Third Party Advisory

31984

Third Party Advisory

31985

Third Party Advisory

31987

Third Party Advisory

32007

Third Party Advisory

32010

Third Party Advisory

32011

Third Party Advisory

32012

Third Party Advisory

32025

Third Party Advisory

32042

Third Party Advisory

32044

Third Party Advisory

32082

Third Party Advisory

32089

Third Party Advisory

32092

Third Party Advisory

32095

Third Party Advisory

32096

Third Party Advisory

32144

Third Party Advisory

32185

Third Party Advisory

32196

Third Party Advisory

32845

Third Party Advisory

33433

Third Party Advisory

33434

Third Party Advisory

34501

Third Party Advisory

SSA:2008-269-02

Third Party Advisory

SSA:2008-269-01

Third Party Advisory

SSA:2008-270-01

Third Party Advisory

256408

Broken Link

DSA-1649

Third Party Advisory

DSA-1669

Third Party Advisory

DSA-1696

Third Party Advisory

DSA-1697

Third Party Advisory

MDVSA-2008:205

Third Party Advisory

MDVSA-2008:206

Third Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-42.html

Third Party Advisory

RHSA-2008:0879

Third Party Advisory

RHSA-2008:0882

Third Party Advisory

RHSA-2008:0908

Third Party Advisory

31346

Third Party Advisory, VDB Entry

1020916

Third Party Advisory, VDB Entry

USN-645-1

Third Party Advisory

USN-645-2

Third Party Advisory

USN-647-1

Third Party Advisory

ADV-2008-2661

Third Party Advisory

ADV-2009-0977

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=443089

Issue Tracking, Patch, Vendor Advisory

multiple-mozilla-layout-code-execution(45351)

Third Party Advisory, VDB Entry

oval:org.mitre.oval:def:10794

Third Party Advisory

FEDORA-2008-8425

Third Party Advisory

FEDORA-2008-8401

Third Party Advisory

FEDORA-2008-8429

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.