CVE-2008-4063

Vulnerability Description

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

CVSS Score

Affected Products

References

• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
• http://secunia.com/advisories/31987Vendor Advisory
• http://secunia.com/advisories/32011Vendor Advisory
• http://secunia.com/advisories/32012Vendor Advisory
• http://secunia.com/advisories/32025Vendor Advisory
• http://secunia.com/advisories/32044Vendor Advisory
• http://secunia.com/advisories/32082Vendor Advisory
• http://secunia.com/advisories/32089Vendor Advisory
• http://secunia.com/advisories/32095Vendor Advisory
• http://secunia.com/advisories/32096Vendor Advisory
• http://secunia.com/advisories/32196Vendor Advisory
• http://secunia.com/advisories/34501Vendor Advisory
• http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware
• http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1