1. Home
  2. Vulnerabilities
  3. CVE-2008-5502

CVE-2008-5502

CVSS v2.0 5 (Medium)
50% Progress
EPSS 4.64 % (93th)
4.64% Progress
Affected Products 3
Advisories 6
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.

Weaknesses
CWE-399
Resource Management Errors
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-12-17 23:30:00
(15 years ago)
Updated Date
2018-11-08 20:11:51
(5 years ago)

Affected Products

Canonical

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox from 2.0 version and prior 2.0.0.19 version cpe:2.3:a:mozilla:firefox >= 2.0 < 2.0.0.19
  Mozilla Firefox from 3.0 version and prior 3.0.5 version cpe:2.3:a:mozilla:firefox >= 3.0 < 3.0.5
  Mozilla Seamonkey from 1.0 version and prior 1.1.14 version cpe:2.3:a:mozilla:seamonkey >= 1.0 < 1.1.14

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts
  Canonical Ubuntu Linux 8.10 cpe:2.3:o:canonical:ubuntu_linux:8.10