CVE-2008-4069

CVSS V2 Medium 5 CVSS V3 None

Description

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

Overview

CVE ID
CVE-2008-4069

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2008-09-24T20:37:04

Last Modified Date
2017-09-29T01:31:58

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:mozilla:firefox::::::::	1	OR	2.0.0.16
cpe:2.3:a:mozilla:firefox:0.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:0.9:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:0.9:rc::::::	1	OR
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:0.9_rc:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:0.10:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::	1	OR
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:1.8:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::*	1	OR
cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey::::::::	1	OR
cpe:2.3:a:mozilla:seamonkey::::::::	1	OR	1.1.11
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.0.99:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*	1	OR
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

References

Reference URL	Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=449703
http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt
http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
http://secunia.com/advisories/32042
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://secunia.com/advisories/32144
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
http://secunia.com/advisories/32044
http://secunia.com/advisories/32845
http://www.debian.org/security/2008/dsa-1669
http://www.ubuntu.com/usn/usn-645-1
http://www.redhat.com/support/errata/RHSA-2008-0882.html
http://secunia.com/advisories/32012
http://www.securitytracker.com/id?1020923
http://secunia.com/advisories/31985
http://www.securityfocus.com/bid/31346
http://secunia.com/advisories/32010
http://secunia.com/advisories/31984
http://www.ubuntu.com/usn/usn-645-2
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33433
http://secunia.com/advisories/34501
http://www.vupen.com/english/advisories/2009/0977
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2008/2661
http://secunia.com/advisories/32185
http://secunia.com/advisories/32196
http://www.debian.org/security/2008/dsa-1649
https://exchange.xforce.ibmcloud.com/vulnerabilities/45361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11000

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2008-4069
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 08:23:31				Added to TrackCVE