CVE-2008-4069 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure8 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedSep 24

Latest updateMay 2

Description

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox2.0.0.16+47

▶NVDmozilla/seamonkey1.1.11+14

🔴Vulnerability Details

GHSA

GHSA-j7hh-6fv3-pr3p: The XBM decoder in Mozilla Firefox before 2↗2022-05-02

▶

CVEList

CVE-2008-4069: The XBM decoder in Mozilla Firefox before 2↗2008-09-24

▶

📋Vendor Advisories

Ubuntu

Firefox and xulrunner regression↗2008-09-25

▶

Ubuntu

Firefox vulnerabilities↗2008-09-24

▶

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-09-24

▶

Red Hat

Mozilla XBM decoder information disclosure↗2008-09-23

▶

💬Community

Bugzilla

CVE-2008-4069 Mozilla XBM decoder information disclosure↗2008-09-22

▶