Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4324Mozilla Firefox vulnerability

CWE-3994 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
6.6%
top 8.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 29
Latest updateMay 2

Description

The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox3.0.3

🔴Vulnerability Details

1
GHSA
GHSA-hfq5-47x3-ghhc: The user interface event dispatcher in Mozilla Firefox 32022-05-02

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox 3.0.3 - User Interface Null Pointer Dereference Crash2008-09-28

💬Community

1
Bugzilla
CVE-2011-4324 kernel: nfsv4: mknod(2) DoS2011-11-21