NVD Vulnerability Detail

CVE-2008-5500

Summary	The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
Summary	Per http://www.mozilla.org/security/announce/2008/mfsa2008-60.html Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.
Publication Date	Dec. 18, 2008, 8:30 a.m.
Registration Date	Jan. 29, 2021, 1:46 p.m.
Last Update	Nov. 9, 2018, 5:10 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox::::::::	2.0			2.0.0.19
cpe:2.3:a:mozilla:firefox::::::::	3.0			3.0.5
cpe:2.3:a:mozilla:seamonkey::::::::	1.0			1.1.14
cpe:2.3:a:mozilla:thunderbird::::::::	2.0			2.0.0.19

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/33184	SECUNIA	Third Party Advisory
2	http://secunia.com/advisories/33188	SECUNIA	Third Party Advisory
3	http://secunia.com/advisories/33189	SECUNIA	Third Party Advisory
4	http://secunia.com/advisories/33203	SECUNIA	Third Party Advisory
5	http://secunia.com/advisories/33204	SECUNIA	Third Party Advisory
6	http://secunia.com/advisories/33205	SECUNIA	Third Party Advisory
7	http://secunia.com/advisories/33216	SECUNIA	Third Party Advisory
8	http://secunia.com/advisories/33231	SECUNIA	Third Party Advisory
9	http://secunia.com/advisories/33232	SECUNIA	Third Party Advisory
10	http://secunia.com/advisories/33408	SECUNIA	Third Party Advisory
11	http://secunia.com/advisories/33415	SECUNIA	Third Party Advisory
12	http://secunia.com/advisories/33421	SECUNIA	Third Party Advisory
13	http://secunia.com/advisories/33433	SECUNIA	Third Party Advisory
14	http://secunia.com/advisories/33434	SECUNIA	Third Party Advisory
15	http://secunia.com/advisories/33523	SECUNIA	Third Party Advisory
16	http://secunia.com/advisories/33547	SECUNIA	Third Party Advisory
17	http://secunia.com/advisories/34501	SECUNIA	Third Party Advisory
18	http://secunia.com/advisories/35080	SECUNIA	Third Party Advisory
19	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	SUNALERT	Broken Link
20	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1	SUNALERT	Broken Link
21	http://www.debian.org/security/2009/dsa-1696	DEBIAN	Third Party Advisory
22	http://www.debian.org/security/2009/dsa-1697	DEBIAN	Third Party Advisory
23	http://www.debian.org/security/2009/dsa-1704	DEBIAN	Third Party Advisory
24	http://www.debian.org/security/2009/dsa-1707	DEBIAN	Third Party Advisory
25	http://www.mandriva.com/security/advisories?name=MDVSA-2008:244	MANDRIVA	Third Party Advisory
26	http://www.mandriva.com/security/advisories?name=MDVSA-2008:245	MANDRIVA	Third Party Advisory
27	http://www.mandriva.com/security/advisories?name=MDVSA-2009:012	MANDRIVA	Third Party Advisory
28	http://www.mozilla.org/security/announce/2008/mfsa2008-60.html	CONFIRM	Vendor Advisory
29	http://www.redhat.com/support/errata/RHSA-2008-1036.html	REDHAT	Third Party Advisory
30	http://www.redhat.com/support/errata/RHSA-2008-1037.html	REDHAT	Third Party Advisory
31	http://www.redhat.com/support/errata/RHSA-2009-0002.html	REDHAT	Third Party Advisory
32	http://www.securityfocus.com/bid/32882	BID	Third Party Advisory VDB Entry
33	http://www.securitytracker.com/id?1021417	SECTRACK	Third Party Advisory VDB Entry
34	http://www.ubuntu.com/usn/usn-690-2	UBUNTU	Third Party Advisory
35	http://www.ubuntu.com/usn/usn-701-1	UBUNTU	Third Party Advisory
36	http://www.ubuntu.com/usn/usn-701-2	UBUNTU	Third Party Advisory
37	http://www.vupen.com/english/advisories/2009/0977	VUPEN	Third Party Advisory
38	https://bugzilla.mozilla.org/show_bug.cgi?id=460803	MISC	Issue Tracking Vendor Advisory
39	https://bugzilla.mozilla.org/show_bug.cgi?id=464998	MISC	Issue Tracking Vendor Advisory
40	https://exchange.xforce.ibmcloud.com/vulnerabilities/47406	XF	Third Party Advisory VDB Entry
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11053	OVAL	Third Party Advisory
42	https://usn.ubuntu.com/690-1/	UBUNTU	Third Party Advisory
43	https://usn.ubuntu.com/690-3/	UBUNTU	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html