1. Home
  2. Vulnerabilities
  3. CVE-2008-2785

CVE-2008-2785

CVSS v2.0 9.3 (High)
93% Progress
EPSS 45.24 % (97th)
45.24% Progress
Affected Products 3
Advisories 11
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

Weaknesses
CWE-189
Numeric Errors
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2008-06-19 21:41:00
(16 years ago)
Updated Date
2018-10-11 20:42:54
(6 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 2.0.0.15 and prior versions cpe:2.3:a:mozilla:firefox <= 2.0.0.15
  Mozilla Firefox 2.0 cpe:2.3:a:mozilla:firefox:2.0
  Mozilla Firefox 2.0.0.1 cpe:2.3:a:mozilla:firefox:2.0.0.1
  Mozilla Firefox 2.0.0.2 cpe:2.3:a:mozilla:firefox:2.0.0.2
  Mozilla Firefox 2.0.0.3 cpe:2.3:a:mozilla:firefox:2.0.0.3
  Mozilla Firefox 2.0.0.4 cpe:2.3:a:mozilla:firefox:2.0.0.4
  Mozilla Firefox 2.0.0.5 cpe:2.3:a:mozilla:firefox:2.0.0.5
  Mozilla Firefox 2.0.0.6 cpe:2.3:a:mozilla:firefox:2.0.0.6
  Mozilla Firefox 2.0.0.7 cpe:2.3:a:mozilla:firefox:2.0.0.7
  Mozilla Firefox 2.0.0.8 cpe:2.3:a:mozilla:firefox:2.0.0.8
  Mozilla Firefox 2.0.0.9 cpe:2.3:a:mozilla:firefox:2.0.0.9
  Mozilla Firefox 2.0.0.10 cpe:2.3:a:mozilla:firefox:2.0.0.10
  Mozilla Firefox 2.0.0.11 cpe:2.3:a:mozilla:firefox:2.0.0.11
  Mozilla Firefox 2.0.0.12 cpe:2.3:a:mozilla:firefox:2.0.0.12
  Mozilla Firefox 2.0.0.13 cpe:2.3:a:mozilla:firefox:2.0.0.13
  Mozilla Firefox 2.0.0.14 cpe:2.3:a:mozilla:firefox:2.0.0.14
  Mozilla Firefox 3.0 cpe:2.3:a:mozilla:firefox:3.0
  Mozilla Seamonkey 1.1.10 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.1.10
  Mozilla Seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0
  Mozilla Seamonkey 1.0 Alpha cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  Mozilla Seamonkey 1.0 Beta cpe:2.3:a:mozilla:seamonkey:1.0:beta
  Mozilla Seamonkey 1.0.1 cpe:2.3:a:mozilla:seamonkey:1.0.1
  Mozilla Seamonkey 1.0.2 cpe:2.3:a:mozilla:seamonkey:1.0.2
  Mozilla Seamonkey 1.0.3 cpe:2.3:a:mozilla:seamonkey:1.0.3
  Mozilla Seamonkey 1.0.4 cpe:2.3:a:mozilla:seamonkey:1.0.4
  Mozilla Seamonkey 1.0.5 cpe:2.3:a:mozilla:seamonkey:1.0.5
  Mozilla Seamonkey 1.0.6 cpe:2.3:a:mozilla:seamonkey:1.0.6
  Mozilla Seamonkey 1.0.7 cpe:2.3:a:mozilla:seamonkey:1.0.7
  Mozilla Seamonkey 1.0.8 cpe:2.3:a:mozilla:seamonkey:1.0.8
  Mozilla Seamonkey 1.0.9 cpe:2.3:a:mozilla:seamonkey:1.0.9
  Mozilla Seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1
  Mozilla Seamonkey 1.1 Alpha cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  Mozilla Seamonkey 1.1 Beta cpe:2.3:a:mozilla:seamonkey:1.1:beta
  Mozilla Seamonkey 1.1.1 cpe:2.3:a:mozilla:seamonkey:1.1.1
  Mozilla Seamonkey 1.1.2 cpe:2.3:a:mozilla:seamonkey:1.1.2
  Mozilla Seamonkey 1.1.3 cpe:2.3:a:mozilla:seamonkey:1.1.3
  Mozilla Seamonkey 1.1.4 cpe:2.3:a:mozilla:seamonkey:1.1.4
  Mozilla Seamonkey 1.1.5 cpe:2.3:a:mozilla:seamonkey:1.1.5
  Mozilla Seamonkey 1.1.6 cpe:2.3:a:mozilla:seamonkey:1.1.6
  Mozilla Seamonkey 1.1.7 cpe:2.3:a:mozilla:seamonkey:1.1.7
  Mozilla Seamonkey 1.1.8 cpe:2.3:a:mozilla:seamonkey:1.1.8
  Mozilla Seamonkey 1.1.9 cpe:2.3:a:mozilla:seamonkey:1.1.9
  Mozilla Thunderbird 2.0.0.14 and prior versions cpe:2.3:a:mozilla:thunderbird <= 2.0.0.14
  Mozilla Thunderbird 0.1 cpe:2.3:a:mozilla:thunderbird:0.1
  Mozilla Thunderbird 0.2 cpe:2.3:a:mozilla:thunderbird:0.2
  Mozilla Thunderbird 0.3 cpe:2.3:a:mozilla:thunderbird:0.3
  Mozilla Thunderbird 0.4 cpe:2.3:a:mozilla:thunderbird:0.4
  Mozilla Thunderbird 0.5 cpe:2.3:a:mozilla:thunderbird:0.5
  Mozilla Thunderbird 0.6 cpe:2.3:a:mozilla:thunderbird:0.6
  Mozilla Thunderbird 0.7 cpe:2.3:a:mozilla:thunderbird:0.7
  Mozilla Thunderbird 0.8 cpe:2.3:a:mozilla:thunderbird:0.8
  Mozilla Thunderbird 0.9 cpe:2.3:a:mozilla:thunderbird:0.9
  Mozilla Thunderbird 1.0 cpe:2.3:a:mozilla:thunderbird:1.0
  Mozilla Thunderbird 1.0.2 cpe:2.3:a:mozilla:thunderbird:1.0.2
  Mozilla Thunderbird 1.0.5 cpe:2.3:a:mozilla:thunderbird:1.0.5
  Mozilla Thunderbird 1.0.6 cpe:2.3:a:mozilla:thunderbird:1.0.6
  Mozilla Thunderbird 1.0.7 cpe:2.3:a:mozilla:thunderbird:1.0.7
  Mozilla Thunderbird 1.0.8 cpe:2.3:a:mozilla:thunderbird:1.0.8
  Mozilla Thunderbird 1.5 cpe:2.3:a:mozilla:thunderbird:1.5
  Mozilla Thunderbird 1.5.0.2 cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  Mozilla Thunderbird 1.5.0.4 cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  Mozilla Thunderbird 1.5.0.5 cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  Mozilla Thunderbird 1.5.0.7 cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  Mozilla Thunderbird 1.5.0.8 cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  Mozilla Thunderbird 1.5.0.9 cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  Mozilla Thunderbird 1.5.0.10 cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  Mozilla Thunderbird 1.5.0.12 cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  Mozilla Thunderbird 1.5.0.13 cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  Mozilla Thunderbird 1.5.0.14 cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  Mozilla Thunderbird 2.0.0.0 cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  Mozilla Thunderbird 2.0.0.4 cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  Mozilla Thunderbird 2.0.0.5 cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  Mozilla Thunderbird 2.0.0.6 cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  Mozilla Thunderbird 2.0.0.9 cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  Mozilla Thunderbird 2.0.0.12 cpe:2.3:a:mozilla:thunderbird:2.0.0.12