CVE-2008-4069 Information
Description
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory and possibly obtain sensitive information in opportunistic circumstances via a crafted XBM image file.
Reference
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
http://secunia.com/advisories/31984
http://secunia.com/advisories/31985
http://secunia.com/advisories/32010
http://secunia.com/advisories/32012
http://secunia.com/advisories/32042
http://secunia.com/advisories/32044
http://secunia.com/advisories/32144
http://secunia.com/advisories/32185
http://secunia.com/advisories/32196
http://secunia.com/advisories/32845
http://secunia.com/advisories/33433
http://secunia.com/advisories/34501
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt
http://www.debian.org/security/2008/dsa-1649
http://www.debian.org/security/2008/dsa-1669
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
http://www.redhat.com/support/errata/RHSA-2008-0882.html
http://www.securityfocus.com/bid/31346
http://www.securitytracker.com/id?1020923
http://www.ubuntu.com/usn/usn-645-1
http://www.ubuntu.com/usn/usn-645-2
http://www.vupen.com/english/advisories/2008/2661
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=449703
https://exchange.xforce.ibmcloud.com/vulnerabilities/45361
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11000
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html