CVE-2008-2785 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-2785
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2785

Description: Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43167 UBUNTU http://www.ubuntu.com/usn/usn-623-1 http://www.ubuntu.com/usn/usn-629-1 http://www.ubuntu.com/usn/usn-626-1 http://www.ubuntu.com/usn/usn-626-2 ST 1020336 SLACKWARE http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 SAID Secunia Advisory: SA30761 Secunia Advisory: SA31122 Secunia Advisory: SA31121 Secunia Advisory: SA31129 Secunia Advisory: SA31157 Secunia Advisory: SA31144 Secunia Advisory: SA31145 Secunia Advisory: SA31154 Secunia Advisory: SA31176 Secunia Advisory: SA31183 Secunia Advisory: SA31195 Secunia Advisory: SA31220 Secunia Advisory: SA31270 Secunia Advisory: SA31261 Secunia Advisory: SA31253 Secunia Advisory: SA31306 Secunia Advisory: SA31377 Secunia Advisory: SA31286 Secunia Advisory: SA31403 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0598.html http://www.redhat.com/support/errata/RHSA-2008-0599.html http://www.redhat.com/support/errata/RHSA-2008-0597.html http://rhn.redhat.com/errata/RHSA-2008-0616.html MISC http://www.zerodayinitiative.com/advisories/ZDI-08-044/ http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/ http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 http://www.mandriva.com/security/advisories?name=MDVSA-2008:148 GENTOO http://security.gentoo.org/glsa/glsa-200808-03.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1615 http://www.debian.org/security/2008/dsa-1621 http://www.debian.org/security/2008/dsa-1614 CONFIRM http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238 http://www.mozilla.org/security/announce/2008/mfsa2008-34.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/494860/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/494504/100/0/threaded BID 29802

Return to the previous page.