Products
Solutions
Customers
Partner
Resources
Company
Careers
Community

CVE Reference: CVE-2008-2785

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-2785

Description:
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/43167

UBUNTU
  http://www.ubuntu.com/usn/usn-626-1
  http://www.ubuntu.com/usn/usn-626-2
  http://www.ubuntu.com/usn/usn-629-1
  http://www.ubuntu.com/usn/usn-623-1

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

ST
  1020336

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
  http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767
  http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974

SAID
  Secunia Advisory: SA33433
  Secunia Advisory: SA31403
  Secunia Advisory: SA31286
  Secunia Advisory: SA31377
  Secunia Advisory: SA31306
  Secunia Advisory: SA31253
  Secunia Advisory: SA31261
  Secunia Advisory: SA31270
  Secunia Advisory: SA31220
  Secunia Advisory: SA31195
  Secunia Advisory: SA31183
  Secunia Advisory: SA31176
  Secunia Advisory: SA31154
  Secunia Advisory: SA31145
  Secunia Advisory: SA31157
  Secunia Advisory: SA31144
  Secunia Advisory: SA31129
  Secunia Advisory: SA31122
  Secunia Advisory: SA31121
  Secunia Advisory: SA34501
  Secunia Advisory: SA30761

REDHAT
  http://rhn.redhat.com/errata/RHSA-2008-0616.html
  http://www.redhat.com/support/errata/RHSA-2008-0599.html
  http://www.redhat.com/support/errata/RHSA-2008-0597.html
  http://www.redhat.com/support/errata/RHSA-2008-0598.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9900

MISC
  http://www.zerodayinitiative.com/advisories/ZDI-08-044/
  http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/
  http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:148
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:155

GENTOO
  http://security.gentoo.org/glsa/glsa-200808-03.xml

FEDORA

DEBIAN
  http://www.debian.org/security/2008/dsa-1621
  http://www.debian.org/security/2009/dsa-1697
  http://www.debian.org/security/2008/dsa-1614
  http://www.debian.org/security/2008/dsa-1615

CONFIRM
  http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400
  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238
  http://www.mozilla.org/security/announce/2008/mfsa2008-34.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/494860/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/494504/100/0/threaded

BID
  29802


Return to the previous page.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer