CVE-2008-4062
First published: Wed Sep 24 2008(Updated: )
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <2.0.0.17 | |
| Mozilla Firefox | >=3.0<3.0.2 | |
| Mozilla SeaMonkey | <1.1.12 | |
| Mozilla Thunderbird | <2.0.0.17 | |
| Debian GNU/Linux | =4.0 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =7.04 | |
| Ubuntu Linux | =7.10 | |
| Ubuntu Linux | =8.04 | |
| Mozilla Firefox and Thunderbird | <2.0.0.17 | |
| Mozilla Firefox and Thunderbird | >=3.0<3.0.2 | |
| Mozilla Firefox and Thunderbird | <2.0.0.17 | |
| Debian | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=367736
- https://bugzilla.mozilla.org/show_bug.cgi?id=444608
- https://bugzilla.mozilla.org/show_bug.cgi?id=445229
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
- http://secunia.com/advisories/32042
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
- http://www.redhat.com/support/errata/RHSA-2008-0908.html
- http://secunia.com/advisories/32092
- http://secunia.com/advisories/32025
- http://www.ubuntu.com/usn/usn-647-1
- http://secunia.com/advisories/32082
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
- http://secunia.com/advisories/32144
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
- http://download.novell.com/Download?buildid=WZXONb-tqBw~
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
- http://secunia.com/advisories/32089
- http://secunia.com/advisories/32044
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
- http://secunia.com/advisories/32096
- http://secunia.com/advisories/32095
- http://secunia.com/advisories/32845
- http://www.debian.org/security/2008/dsa-1669
- http://secunia.com/advisories/32012
- http://www.securityfocus.com/bid/31346
- http://www.ubuntu.com/usn/usn-645-2
- http://secunia.com/advisories/31985
- http://www.securitytracker.com/id?1020916
- http://secunia.com/advisories/32011
- http://secunia.com/advisories/32007
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
- http://www.redhat.com/support/errata/RHSA-2008-0882.html
- http://secunia.com/advisories/31987
- http://www.ubuntu.com/usn/usn-645-1
- http://secunia.com/advisories/32010
- http://secunia.com/advisories/31984
- http://secunia.com/advisories/33433
- http://www.debian.org/security/2009/dsa-1697
- http://www.debian.org/security/2009/dsa-1696
- http://secunia.com/advisories/33434
- http://secunia.com/advisories/34501
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.vupen.com/english/advisories/2009/0977
- http://www.vupen.com/english/advisories/2008/2661
- http://secunia.com/advisories/32185
- http://secunia.com/advisories/32196
- http://www.debian.org/security/2008/dsa-1649
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45355
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10206
Frequently Asked Questions
What is the severity of CVE-2008-4062?
CVE-2008-4062 has a high severity rating due to its potential to cause denial of service and remote code execution.
How do I fix CVE-2008-4062?
To fix CVE-2008-4062, update Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version available.
What versions are affected by CVE-2008-4062?
CVE-2008-4062 affects Mozilla Firefox versions before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12.
What types of attacks does CVE-2008-4062 allow?
CVE-2008-4062 allows remote attackers to cause memory corruption, application crashes, and potentially execute arbitrary code.
Is it safe to use affected software after CVE-2008-4062 is disclosed?
No, it is not safe to use affected software until it has been updated to mitigate the vulnerabilities outlined in CVE-2008-4062.
- agent/weakness
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/3.0
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/4.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/7.04
- version/ubuntu linux/7.10
- version/ubuntu linux/8.04
- canonical/mozilla firefox and thunderbird
- version/mozilla firefox and thunderbird/3.0
- canonical/debian
- version/debian/4.0