CVE-2008-5017 — Mozilla Firefox vulnerability

CWE-1897 documents6 sources

Severity

10.0CRITICALNVD

EPSS

17.4%

top 4.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +2 more

Timeline

PublishedNov 13

Latest updateMay 14

Description

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox2.0 — 2.0.0.18+1

▶NVDmozilla/seamonkey1.0 — 1.1.13

▶NVDmozilla/thunderbird2.0 — 2.0.0.18

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

GHSA

GHSA-h983-53hw-mp7w: Integer overflow in xpcom/io/nsEscape↗2022-05-14

▶

CVEList

CVE-2008-5017: Integer overflow in xpcom/io/nsEscape↗2008-11-13

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2008-11-26

▶

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-11-17

▶

Red Hat

Mozilla crash with evidence of memory corruption↗2008-11-12

▶

💬Community

Bugzilla

CVE-2008-5017 Mozilla crash with evidence of memory corruption↗2008-11-10

▶