CVE-2008-4062 Information
Description
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2 Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Reference
http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisories/32089 http://secunia.com/advisories/32092 http://secunia.com/advisories/32095 http://secunia.com/advisories/32096 http://secunia.com/advisories/32144 http://secunia.com/advisories/32185 http://secunia.com/advisories/32196 http://secunia.com/advisories/32845 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com/advisories/34501 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.debian.org/security/2008/dsa-1649 http://www.debian.org/security/2008/dsa-1669 http://www.debian.org/security/2009/dsa-1696 http://www.debian.org/security/2009/dsa-1697 http://www.mandriva.com/security/advisories?name=MDVSA-2008:205 http://www.mandriva.com/security/advisories?name=MDVSA-2008:206 http://www.mozilla.org/security/announce/2008/mfsa2008-42.html http://www.redhat.com/support/errata/RHSA-2008-0879.html http://www.redhat.com/support/errata/RHSA-2008-0882.html http://www.redhat.com/support/errata/RHSA-2008-0908.html http://www.securityfocus.com/bid/31346 http://www.securitytracker.com/id?1020916 http://www.ubuntu.com/usn/usn-645-1 http://www.ubuntu.com/usn/usn-645-2 http://www.ubuntu.com/usn/usn-647-1 http://www.vupen.com/english/advisories/2008/2661 http://www.vupen.com/english/advisories/2009/0977 https://bugzilla.mozilla.org/show_bug.cgi?id=367736 https://bugzilla.mozilla.org/show_bug.cgi?id=444608 https://bugzilla.mozilla.org/show_bug.cgi?id=445229 https://exchange.xforce.ibmcloud.com/vulnerabilities/45355 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10206 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
Share on: