Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-4061
Analyzed
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-24 Sep, 2008 | 20:37
Updated At-01 Nov, 2018 | 16:23

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions before 2.0.0.17(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions from 3.0(inclusive) to 3.0.2(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>Versions before 1.1.12(exclusive)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 2.0.0.17(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.10
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
Evaluator Description
NOTE: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://download.novell.com/Download?buildid=WZXONb-tqBw~secalert@redhat.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.htmlsecalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31984secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31985secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31987secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32007secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32010secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32011secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32012secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32025secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32042secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32044secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32082secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32089secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32092secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32095secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32096secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32144secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32185secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32196secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32845secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/33433secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/33434secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/34501secalert@redhat.com
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422secalert@redhat.com
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232secalert@redhat.com
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123secalert@redhat.com
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1secalert@redhat.com
Broken Link
http://www.debian.org/security/2008/dsa-1649secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2008/dsa-1669secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2009/dsa-1696secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2009/dsa-1697secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206secalert@redhat.com
Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-42.htmlsecalert@redhat.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0879.htmlsecalert@redhat.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0882.htmlsecalert@redhat.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0908.htmlsecalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/bid/31346secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020916secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-645-1secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/usn-645-2secalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/usn-647-1secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2661secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977secalert@redhat.com
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=443089secalert@redhat.com
Patch
Issue Tracking
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45351secalert@redhat.com
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10794secalert@redhat.com
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.htmlsecalert@redhat.com
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.htmlsecalert@redhat.com
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.htmlsecalert@redhat.com
Third Party Advisory
Change History
0Changes found
Details not found