CVE-2008-4064Out-of-bounds Write in Mozilla Firefox

CWE-3998 documents5 sources
Severity
10.0CRITICALNVD
EPSS
2.3%
top 15.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 24
Latest updateMay 2

Description

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmozilla/firefox3.0.1+1

🔴Vulnerability Details

1
GHSA
GHSA-cpqh-mhhx-jwmj: Multiple unspecified vulnerabilities in Mozilla Firefox 32022-05-02

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2008-09-26
Ubuntu
Firefox and xulrunner regression2008-09-25
Ubuntu
Firefox vulnerabilities2008-09-24
Ubuntu
Firefox and xulrunner vulnerabilities2008-09-24
Red Hat
Mozilla crashes with evidence of memory corruption2008-09-23

💬Community

1
Bugzilla
CVE-2008-4064 Mozilla crashes with evidence of memory corruption2008-09-22