CVE-2008-2785 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-189 CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-911 — Improper Update of Reference Count13 documents6 sources

Severity

10.0CRITICALNVD

NVD9.3

EPSS

9.5%

top 7.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedJun 19

Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox2.0.0.15+16

▶NVDmozilla/seamonkey1.1.10+20

▶NVDmozilla/thunderbird2.0.0.14+32

Patches

Patch: www.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-58wr-4w95-xjcc: Buffer overflow in Firefox 3↗2022-05-01

▶

GHSA

GHSA-wjww-59jc-83xc: Mozilla Firefox before 2↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Devhelp, Epiphany, Midbrowser and Yelp update↗2008-08-04

▶

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-07-28

▶

Ubuntu

Thunderbird vulnerabilities↗2008-07-25

▶

Ubuntu

Firefox vulnerabilities↗2008-07-17

▶

Red Hat

mozilla: CSS reference counter overflow (ZDI-CAN-349)↗2008-07-16

▶

📐Framework References

CWE

Improper Update of Reference Count↗

▶

💬Community

Bugzilla

CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)↗2008-06-20

▶

Bugzilla

CVE-2008-2786 mozilla: unspecified buffer overflow vulnerability↗2008-06-20

▶