CVE-2008-4069

MEDIUM

Description

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

References

http://download.novell.com/Download?buildid=WZXONb-tqBw~

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

http://secunia.com/advisories/31984

http://secunia.com/advisories/31985

http://secunia.com/advisories/32010

http://secunia.com/advisories/32012

http://secunia.com/advisories/32042

http://secunia.com/advisories/32044

http://secunia.com/advisories/32144

http://secunia.com/advisories/32185

http://secunia.com/advisories/32196

http://secunia.com/advisories/32845

http://secunia.com/advisories/33433

http://secunia.com/advisories/34501

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt

http://www.debian.org/security/2008/dsa-1649

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2009/dsa-1697

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

http://www.mozilla.org/security/announce/2008/mfsa2008-45.html

http://www.redhat.com/support/errata/RHSA-2008-0882.html

http://www.securityfocus.com/bid/31346

http://www.securitytracker.com/id?1020923

http://www.ubuntu.com/usn/usn-645-1

http://www.ubuntu.com/usn/usn-645-2

http://www.vupen.com/english/advisories/2008/2661

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=449703

https://exchange.xforce.ibmcloud.com/vulnerabilities/45361

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11000

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Details

Source: MITRE

Published: 2008-09-24

Updated: 2017-09-29

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM