CVE-2008-4063

Published: Sep 24, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

Affected (6)

Products: Canonical: Ubuntu Linux · Mozilla: Firefox

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 7.04
Canonical Ubuntu Linux	Version 7.10
Canonical Ubuntu Linux	Version 8.04

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 3.0.1
Mozilla Firefox	Version 3.0

References (60)

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Source: secalert@redhat.com

http://secunia.com/advisories/31987

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32011

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32012

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32025

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32044

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32082

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32089

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32095

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32096

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/32196

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/34501

Source: secalert@redhat.com

Vendor Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2008/mfsa2008-42.html

Source: secalert@redhat.com

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0879.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/31346

Source: secalert@redhat.com

http://www.securitytracker.com/id?1020916

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-645-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-645-2

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-647-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/2661

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0977

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=413048

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=433758

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=444452

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/45354

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11151

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html