Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-368
Vulnerability from certfr_avis - Published: - Updated:
Des vulnérabilités identifiées dans Mozilla Firefox permettent à une personne malintentionnée de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et / ou d'exécuter du code arbitraire à distance.
Description
Une vulnérabilité a été identifiée dans les versions 2.0.0.15 et 3.0 de Mozilla Firefox. Elle permet à une personne malintentionnée de lancer des URI de type chrome: ou des URI normalement traitées par une autre application. Ceci peut être exploité pour porter atteinte à la confidentialité des données.
Une deuxième faille dans Mozilla Firefox 3.0 permet d'injecter des scripts dans des documents chrome. Cette attaque permet à un attaquant de contourner la politique de sécurité. Couplée avec la première vulnérabilité, cette faille permettrait également d'exécuter du code arbitraire.
Une troisième vulnérabilité a été identifiée dans les deux branches de Mozilla Firefox. Elle concerne un compteur de taille insuffisante utilisé pour référencer des objets CSS. Ceci peut être exploité par une personne malintentionnée pour exécuter du code arbitraire à distance.
Enfin, une quatrième vulnérabilité concerne le traitement des GIF dans Mozilla Firefox 3.0 sous Mac OS X. Une personne malintentionnée pourrait ainsi exécuter du code arbitraire à distance via un fichier GIF spécialement conçu.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox 3.0.",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 2.0.0.16 ;",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les versions 2.0.0.15 et 3.0 de\nMozilla Firefox. Elle permet \u00e0 une personne malintentionn\u00e9e de lancer\ndes URI de type chrome: ou des URI normalement trait\u00e9es par une autre\napplication. Ceci peut \u00eatre exploit\u00e9 pour porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\nUne deuxi\u00e8me faille dans Mozilla Firefox 3.0 permet d\u0027injecter des\nscripts dans des documents chrome. Cette attaque permet \u00e0 un attaquant\nde contourner la politique de s\u00e9curit\u00e9. Coupl\u00e9e avec la premi\u00e8re\nvuln\u00e9rabilit\u00e9, cette faille permettrait \u00e9galement d\u0027ex\u00e9cuter du code\narbitraire.\n\nUne troisi\u00e8me vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les deux branches de\nMozilla Firefox. Elle concerne un compteur de taille insuffisante\nutilis\u00e9 pour r\u00e9f\u00e9rencer des objets CSS. Ceci peut \u00eatre exploit\u00e9 par une\npersonne malintentionn\u00e9e pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nEnfin, une quatri\u00e8me vuln\u00e9rabilit\u00e9 concerne le traitement des GIF dans\nMozilla Firefox 3.0 sous Mac OS X. Une personne malintentionn\u00e9e pourrait\nainsi ex\u00e9cuter du code arbitraire \u00e0 distance via un fichier GIF\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2934"
},
{
"name": "CVE-2008-2786",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2786"
},
{
"name": "CVE-2008-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2785"
},
{
"name": "CVE-2008-2933",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2933"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla 2008/MFSA2008-35 du 15 juillet 2008 :",
"url": "http://www.mozilla.org/security/announce/2008/MFSA2008-35.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla 2008/MFSA2008-34 du 15 juillet 2008 :",
"url": "http://www.mozilla.org/security/announce/2008/MFSA2008-34.html"
},
{
"title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#130923 du 16 juillet 2008 :",
"url": "http://www.kb.cert.org/vuls/id/130923"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla 2008/MFSA2008-36 du 16 juillet 2008 :",
"url": "http://www.mozilla.org/security/announce/2008/MFSA2008-36.html"
}
],
"reference": "CERTA-2008-AVI-368",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Des vuln\u00e9rabilit\u00e9s identifi\u00e9es dans Mozilla Firefox permettent \u00e0 une\npersonne malintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9, de\nporter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et / ou d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2008-34 du 15 juillet 2008",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2008-35 du 15 juillet 2008",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2008-36 du 16 juillet 2008",
"url": null
}
]
}
CVE-2008-2785 (GCVE-0-2008-2785)
Vulnerability from cvelistv5 – Published: 2008-06-19 21:00 – Updated: 2024-08-07 09:14
VLAI?
EPSS
Summary
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31154"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name": "oval:org.mitre.oval:def:9900",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900"
},
{
"name": "DSA-1697",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "RHSA-2008:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name": "31403",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31403"
},
{
"name": "31270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31270"
},
{
"name": "SSA:2008-198-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-044/"
},
{
"name": "31121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31121"
},
{
"name": "FEDORA-2008-6517",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=440230"
},
{
"name": "ADV-2009-0977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31145"
},
{
"name": "31122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31122"
},
{
"name": "31377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31377"
},
{
"name": "RHSA-2008:0616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name": "29802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name": "MDVSA-2008:155",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
},
{
"name": "GLSA-200808-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "20080729 rPSA-2008-0238-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name": "USN-626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name": "RHSA-2008:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name": "31157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31157"
},
{
"name": "33433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33433"
},
{
"name": "DSA-1614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1614"
},
{
"name": "31253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31253"
},
{
"name": "FEDORA-2008-6737",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
},
{
"name": "31183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31183"
},
{
"name": "USN-629-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-629-1"
},
{
"name": "RHSA-2008:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0599.html"
},
{
"name": "256408",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2683"
},
{
"name": "31261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31261"
},
{
"name": "31144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31144"
},
{
"name": "30761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30761"
},
{
"name": "SSA:2008-210-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
},
{
"name": "USN-623-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name": "SSA:2008-198-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380974"
},
{
"name": "DSA-1615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "31176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31176"
},
{
"name": "20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494504/100/0/threaded"
},
{
"name": "FEDORA-2008-6706",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
},
{
"name": "FEDORA-2008-6519",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html"
},
{
"name": "31220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31220"
},
{
"name": "31195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31195"
},
{
"name": "31129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31129"
},
{
"name": "1020336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020336"
},
{
"name": "firefox-unspecified-code-execution(43167)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43167"
},
{
"name": "USN-626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "MDVSA-2008:148",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name": "DSA-1621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html"
},
{
"name": "31306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31306"
},
{
"name": "31286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31286"
},
{
"name": "34501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34501"
},
{
"name": "ADV-2008-1873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31154"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name": "oval:org.mitre.oval:def:9900",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900"
},
{
"name": "DSA-1697",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "RHSA-2008:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name": "31403",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31403"
},
{
"name": "31270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31270"
},
{
"name": "SSA:2008-198-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-044/"
},
{
"name": "31121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31121"
},
{
"name": "FEDORA-2008-6517",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=440230"
},
{
"name": "ADV-2009-0977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31145"
},
{
"name": "31122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31122"
},
{
"name": "31377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31377"
},
{
"name": "RHSA-2008:0616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name": "29802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name": "MDVSA-2008:155",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
},
{
"name": "GLSA-200808-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "20080729 rPSA-2008-0238-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name": "USN-626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name": "RHSA-2008:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name": "31157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31157"
},
{
"name": "33433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33433"
},
{
"name": "DSA-1614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1614"
},
{
"name": "31253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31253"
},
{
"name": "FEDORA-2008-6737",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
},
{
"name": "31183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31183"
},
{
"name": "USN-629-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-629-1"
},
{
"name": "RHSA-2008:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0599.html"
},
{
"name": "256408",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2683"
},
{
"name": "31261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31261"
},
{
"name": "31144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31144"
},
{
"name": "30761",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30761"
},
{
"name": "SSA:2008-210-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
},
{
"name": "USN-623-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name": "SSA:2008-198-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380974"
},
{
"name": "DSA-1615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "31176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31176"
},
{
"name": "20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494504/100/0/threaded"
},
{
"name": "FEDORA-2008-6706",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
},
{
"name": "FEDORA-2008-6519",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html"
},
{
"name": "31220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31220"
},
{
"name": "31195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31195"
},
{
"name": "31129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31129"
},
{
"name": "1020336",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020336"
},
{
"name": "firefox-unspecified-code-execution(43167)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43167"
},
{
"name": "USN-626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "MDVSA-2008:148",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name": "DSA-1621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html"
},
{
"name": "31306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31306"
},
{
"name": "31286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31286"
},
{
"name": "34501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34501"
},
{
"name": "ADV-2008-1873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31154"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name": "oval:org.mitre.oval:def:9900",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "RHSA-2008:0597",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name": "31403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31403"
},
{
"name": "31270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31270"
},
{
"name": "SSA:2008-198-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380767"
},
{
"name": "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/",
"refsource": "MISC",
"url": "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-044/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-044/"
},
{
"name": "31121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31121"
},
{
"name": "FEDORA-2008-6517",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=440230",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=440230"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31145"
},
{
"name": "31122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31122"
},
{
"name": "31377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31377"
},
{
"name": "RHSA-2008:0616",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name": "29802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29802"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name": "MDVSA-2008:155",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
},
{
"name": "GLSA-200808-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "20080729 rPSA-2008-0238-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name": "USN-626-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name": "RHSA-2008:0598",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name": "31157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31157"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "DSA-1614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1614"
},
{
"name": "31253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31253"
},
{
"name": "FEDORA-2008-6737",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
},
{
"name": "31183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31183"
},
{
"name": "USN-629-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-629-1"
},
{
"name": "RHSA-2008:0599",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0599.html"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30"
},
{
"name": "https://issues.rpath.com/browse/RPL-2683",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2683"
},
{
"name": "31261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31261"
},
{
"name": "31144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31144"
},
{
"name": "30761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30761"
},
{
"name": "SSA:2008-210-05",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
},
{
"name": "USN-623-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name": "SSA:2008-198-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380974"
},
{
"name": "DSA-1615",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "31176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31176"
},
{
"name": "20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494504/100/0/threaded"
},
{
"name": "FEDORA-2008-6706",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
},
{
"name": "FEDORA-2008-6519",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html"
},
{
"name": "31220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31220"
},
{
"name": "31195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31195"
},
{
"name": "31129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31129"
},
{
"name": "1020336",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020336"
},
{
"name": "firefox-unspecified-code-execution(43167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43167"
},
{
"name": "USN-626-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "MDVSA-2008:148",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name": "DSA-1621",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1621"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html"
},
{
"name": "31306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31306"
},
{
"name": "31286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31286"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "ADV-2008-1873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2785",
"datePublished": "2008-06-19T21:00:00",
"dateReserved": "2008-06-19T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2933 (GCVE-0-2008-2933)
Vulnerability from cvelistv5 – Published: 2008-07-17 10:00 – Updated: 2024-08-07 09:21
VLAI?
EPSS
Summary
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name": "DSA-1697",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "RHSA-2008:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name": "31270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31270"
},
{
"name": "31121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31121"
},
{
"name": "ADV-2009-0977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31145"
},
{
"name": "1020500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020500"
},
{
"name": "31377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name": "GLSA-200808-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "20080729 rPSA-2008-0238-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name": "USN-626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name": "RHSA-2008:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name": "31157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31157"
},
{
"name": "33433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33433"
},
{
"name": "DSA-1614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1614"
},
{
"name": "31183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31183"
},
{
"name": "31106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31106"
},
{
"name": "VU#130923",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/130923"
},
{
"name": "256408",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2683"
},
{
"name": "31261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31261"
},
{
"name": "31120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html"
},
{
"name": "USN-623-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name": "oval:org.mitre.oval:def:11618",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11618"
},
{
"name": "SSA:2008-198-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380974"
},
{
"name": "DSA-1615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "31176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31176"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441120"
},
{
"name": "31129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31129"
},
{
"name": "30242",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30242"
},
{
"name": "USN-626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "MDVSA-2008:148",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name": "31306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31306"
},
{
"name": "firefox-commandline-uri-security-bypass(43832)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43832"
},
{
"name": "34501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets \u0027|\u0027 (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name": "DSA-1697",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "RHSA-2008:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name": "31270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31270"
},
{
"name": "31121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31121"
},
{
"name": "ADV-2009-0977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31145"
},
{
"name": "1020500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020500"
},
{
"name": "31377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name": "GLSA-200808-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "20080729 rPSA-2008-0238-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name": "USN-626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name": "RHSA-2008:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name": "31157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31157"
},
{
"name": "33433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33433"
},
{
"name": "DSA-1614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1614"
},
{
"name": "31183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31183"
},
{
"name": "31106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31106"
},
{
"name": "VU#130923",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/130923"
},
{
"name": "256408",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2683"
},
{
"name": "31261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31261"
},
{
"name": "31120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html"
},
{
"name": "USN-623-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name": "oval:org.mitre.oval:def:11618",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11618"
},
{
"name": "SSA:2008-198-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380974"
},
{
"name": "DSA-1615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "31176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31176"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441120"
},
{
"name": "31129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31129"
},
{
"name": "30242",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30242"
},
{
"name": "USN-626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "MDVSA-2008:148",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name": "31306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31306"
},
{
"name": "firefox-commandline-uri-security-bypass(43832)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43832"
},
{
"name": "34501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets \u0027|\u0027 (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "RHSA-2008:0597",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name": "31270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31270"
},
{
"name": "31121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31121"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31145"
},
{
"name": "1020500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020500"
},
{
"name": "31377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31377"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name": "GLSA-200808-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "20080729 rPSA-2008-0238-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name": "USN-626-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name": "RHSA-2008:0598",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name": "31157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31157"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "DSA-1614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1614"
},
{
"name": "31183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31183"
},
{
"name": "31106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31106"
},
{
"name": "VU#130923",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/130923"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "https://issues.rpath.com/browse/RPL-2683",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2683"
},
{
"name": "31261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31261"
},
{
"name": "31120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31120"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html"
},
{
"name": "USN-623-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name": "oval:org.mitre.oval:def:11618",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11618"
},
{
"name": "SSA:2008-198-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.380974"
},
{
"name": "DSA-1615",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "31176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31176"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=441120",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441120"
},
{
"name": "31129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31129"
},
{
"name": "30242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30242"
},
{
"name": "USN-626-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "MDVSA-2008:148",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name": "31306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31306"
},
{
"name": "firefox-commandline-uri-security-bypass(43832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43832"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2933",
"datePublished": "2008-07-17T10:00:00",
"dateReserved": "2008-06-30T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2934 (GCVE-0-2008-2934)
Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:21
VLAI?
EPSS
Summary
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31270"
},
{
"name": "ADV-2009-0977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-36.html"
},
{
"name": "31132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31132"
},
{
"name": "256408",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "firefox-gif-code-execution(43850)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43850"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441360"
},
{
"name": "ADV-2008-2125",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2125"
},
{
"name": "1020516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020516"
},
{
"name": "USN-626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "30266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30266"
},
{
"name": "34501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "31270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31270"
},
{
"name": "ADV-2009-0977",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-36.html"
},
{
"name": "31132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31132"
},
{
"name": "256408",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "firefox-gif-code-execution(43850)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43850"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441360"
},
{
"name": "ADV-2008-2125",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2125"
},
{
"name": "1020516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020516"
},
{
"name": "USN-626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "30266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30266"
},
{
"name": "34501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34501"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2934",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-06-30T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2786 (GCVE-0-2008-2786)
Vulnerability from cvelistv5 – Published: 2008-06-19 21:00 – Updated: 2024-08-07 09:14
VLAI?
EPSS
Summary
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:15.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29794",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29794"
},
{
"name": "mozilla-firefox-unspecified-bo(43317)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43317"
},
{
"name": "20080618 Coming soon : Firefox 3 Release overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29794",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29794"
},
{
"name": "mozilla-firefox-unspecified-bo(43317)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43317"
},
{
"name": "20080618 Coming soon : Firefox 3 Release overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29794"
},
{
"name": "mozilla-firefox-unspecified-bo(43317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43317"
},
{
"name": "20080618 Coming soon : Firefox 3 Release overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2786",
"datePublished": "2008-06-19T21:00:00",
"dateReserved": "2008-06-19T00:00:00",
"dateUpdated": "2024-08-07T09:14:15.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…