CVE-2008-2807Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information ExposureCWE-401Missing Release of Memory after Effective Lifetime6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.6%
top 18.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedJul 7
Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox2.0.0.14+14
NVDmozilla/seamonkey1.1.9+8

🔴Vulnerability Details

1
GHSA
GHSA-xf2g-m4p8-7r3c: Mozilla Firefox before 22022-05-01

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2008-07-25
Red Hat
Firefox .properties memory leak2008-07-02
Ubuntu
Firefox vulnerabilities2008-07-02

💬Community

1
Bugzilla
CVE-2008-2807 Firefox .properties memory leak2008-06-24
CVE-2008-2807 — Sensitive Information Exposure | cvebase