National Cyber Awareness System

Vulnerability Summary for CVE-2008-5502

Overview

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=458679

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=458679

External Source: XF

Name: firefox-js-deflatestring-code-execution(47408)

Hyperlink:http://xforce.iss.net/xforce/xfdb/47408

External Source: VUPEN

Name: ADV-2009-0977

Hyperlink:http://www.vupen.com/english/advisories/2009/0977

External Source: UBUNTU

Name: USN-690-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-690-1

External Source: SECTRACK

Name: 1021417

Hyperlink:http://www.securitytracker.com/id?1021417

External Source: BID

Name: 32882

Hyperlink:http://www.securityfocus.com/bid/32882

External Source: REDHAT

Name: RHSA-2009:0002

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0002.html

External Source: REDHAT

Name: RHSA-2008:1037

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-1037.html

External Source: REDHAT

Name: RHSA-2008:1036

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-1036.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2008/mfsa2008-60.html

Type: Advisory

Hyperlink:http://www.mozilla.org/security/announce/2008/mfsa2008-60.html

External Source: MANDRIVA

Name: MDVSA-2008:245

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

External Source: SUNALERT

Name: 256408

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

External Source: SECUNIA

Name: 34501

Hyperlink:http://secunia.com/advisories/34501

External Source: SECUNIA

Name: 33421

Hyperlink:http://secunia.com/advisories/33421

External Source: SECUNIA

Name: 33216

Hyperlink:http://secunia.com/advisories/33216

External Source: SECUNIA

Name: 33203

Hyperlink:http://secunia.com/advisories/33203

External Source: SECUNIA

Name: 33189

Hyperlink:http://secunia.com/advisories/33189

External Source: SECUNIA

Name: 33188

Hyperlink:http://secunia.com/advisories/33188

External Source: OVAL

Name: oval:org.mitre.oval:def:10001

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10001

References to Check Content

Identifier:oval:org.mitre.oval:def:10001

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10001