CVE-2008-0412 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2008-0412?

CVE-2008-0412 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-0412?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.

Vulnerability Description

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	<= 2.0.0.11
Mozilla	Seamonkey	<= 1.1.7
Mozilla	Thunderbird	<= 2.0.0.11

Related Weaknesses (CWE)

CWE-399

References

http://browser.netscape.com/releasenotes/
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
http://secunia.com/advisories/28754Vendor Advisory
http://secunia.com/advisories/28758Vendor Advisory
http://secunia.com/advisories/28766Vendor Advisory
http://secunia.com/advisories/28808Vendor Advisory
http://secunia.com/advisories/28815Vendor Advisory
http://secunia.com/advisories/28818Vendor Advisory
http://secunia.com/advisories/28839Vendor Advisory
http://secunia.com/advisories/28864Vendor Advisory
http://secunia.com/advisories/28865Vendor Advisory
http://secunia.com/advisories/28877Vendor Advisory
http://secunia.com/advisories/28879Vendor Advisory
http://secunia.com/advisories/28924
http://secunia.com/advisories/28939

FAQ

What is CVE-2008-0412?

CVE-2008-0412 is a vulnerability with a CVSS score of 9.3 (HIGH). The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory ...

How severe is CVE-2008-0412?

CVE-2008-0412 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-0412?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.