CVE-2008-4063

CVSS v2.0 9.3 (High)

EPSS 11.08 % (95^th)

Affected Products 2

Advisories 8

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-09-24 20:37:04
(16 years ago)
Updated Date: 2017-09-29 01:31:58
(7 years ago)

Affected Products

Canonical

Ubuntu Linux

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Canonical Ubuntu Linux 6.06 Lts Edition	cpe:2.3:o:canonical:ubuntu_linux:6.06:-:lts
	Canonical Ubuntu Linux 7.04	cpe:2.3:o:canonical:ubuntu_linux:7.04
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04 Lts Edition	cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox 3.0.1 and prior versions	cpe:2.3:a:mozilla:firefox		<= 3.0.1
	Mozilla Firefox 3.0	cpe:2.3:a:mozilla:firefox:3.0