CVE-2008-2811

Current Description

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

Basic Data

Published: July 07, 2008
Last Modified: October 11, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
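    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mozilla | Firefox | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 2.0.0.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | * | * | * | * | * | * | * | * | | 2.0.0.14 | |
    2.3 | Application | Mozilla | Seamonkey | 1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | 1.1.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Seamonkey | * | * | * | * | * | * | * | * | | 1.1.9 | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.12 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | 2.0.0.13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Thunderbird | * | * | * | * | * | * | * | * | | 2.0.0.14 | |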

Vulnerable Software List

Vendor | Product | Versions
Mozilla | Firefox | *, 2.0, 2.0.0.1, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9
Mozilla | Thunderbird | *, 2.0.0.0, 2.0.0.1, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.8, 2.0.0.9
Mozilla | Seamonkey | *, 1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8

References

Name | URL | Source | Tags
SUSE-SA:2008:034 | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html | SUSE |
RHSA-2008:0616 | http://rhn.redhat.com/errata/RHSA-2008-0616.html | REDHAT |
30878 | http://secunia.com/advisories/30878 | SECUNIA |
30898 | http://secunia.com/advisories/30898 | SECUNIA |
30903 | http://secunia.com/advisories/30903 | SECUNIA |
30911 | http://secunia.com/advisories/30911 | SECUNIA | Vendor Advisory
30915 | http://secunia.com/advisories/30915 | SECUNIA |
30949 | http://secunia.com/advisories/30949 | SECUNIA |
31005 | http://secunia.com/advisories/31005 | SECUNIA |
31008 | http://secunia.com/advisories/31008 | SECUNIA |
31021 | http://secunia.com/advisories/31021 | SECUNIA |
31023 | http://secunia.com/advisories/31023 | SECUNIA |
31069 | http://secunia.com/advisories/31069 | SECUNIA |
31076 | http://secunia.com/advisories/31076 | SECUNIA |
31183 | http://secunia.com/advisories/31183 | SECUNIA |
31195 | http://secunia.com/advisories/31195 | SECUNIA |
31220 | http://secunia.com/advisories/31220 | SECUNIA |
31253 | http://secunia.com/advisories/31253 | SECUNIA |
31286 | http://secunia.com/advisories/31286 | SECUNIA |
31377 | http://secunia.com/advisories/31377 | SECUNIA |
31403 | http://secunia.com/advisories/31403 | SECUNIA |
33433 | http://secunia.com/advisories/33433 | SECUNIA |
34501 | http://secunia.com/advisories/34501 | SECUNIA |
GLSA-200808-03 | http://security.gentoo.org/glsa/glsa-200808-03.xml | GENTOO |
SSA:2008-191-03 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 | SLACKWARE |
SSA:2008-191 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 | SLACKWARE |
SSA:2008-210-05 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 | SLACKWARE |
256408 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 | SUNALERT |
http://wiki.rpath.com/Advisories:rPSA-2008-0216 | http://wiki.rpath.com/Advisories:rPSA-2008-0216 | CONFIRM |
DSA-1607 | http://www.debian.org/security/2008/dsa-1607 | DEBIAN |
DSA-1615 | http://www.debian.org/security/2008/dsa-1615 | DEBIAN |
DSA-1621 | http://www.debian.org/security/2008/dsa-1621 | DEBIAN |
DSA-1697 | http://www.debian.org/security/2009/dsa-1697 | DEBIAN |
VU#607267 | http://www.kb.cert.org/vuls/id/607267 | CERT-VN | US Government Resource
MDVSA-2008:136 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 | MANDRIVA |
MDVSA-2008:155 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 | MANDRIVA |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | CONFIRM |
http://www.mozilla.org/security/announce/2008/mfsa2008-33.html | http://www.mozilla.org/security/announce/2008/mfsa2008-33.html | CONFIRM |
RHSA-2008:0547 | http://www.redhat.com/support/errata/RHSA-2008-0547.html | REDHAT |
RHSA-2008:0549 | http://www.redhat.com/support/errata/RHSA-2008-0549.html | REDHAT |
RHSA-2008:0569 | http://www.redhat.com/support/errata/RHSA-2008-0569.html | REDHAT |
20080708 rPSA-2008-0216-1 firefox | http://www.securityfocus.com/archive/1/494080/100/0/threaded | BUGTRAQ |
30038 | http://www.securityfocus.com/bid/30038 | BID |
1020419 | http://www.securitytracker.com/id?1020419 | SECTRACK |
USN-619-1 | http://www.ubuntu.com/usn/usn-619-1 | UBUNTU |
USN-629-1 | http://www.ubuntu.com/usn/usn-629-1 | UBUNTU |
ADV-2008-1993 | http://www.vupen.com/english/advisories/2008/1993/references | VUPEN |
ADV-2009-0977 | http://www.vupen.com/english/advisories/2009/0977 | VUPEN |
https://bugzilla.mozilla.org/show_bug.cgi?id=439735 | https://bugzilla.mozilla.org/show_bug.cgi?id=439735 | CONFIRM |
https://issues.rpath.com/browse/RPL-2646 | https://issues.rpath.com/browse/RPL-2646 | CONFIRM |
oval:org.mitre.oval:def:9865 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9865 | OVAL |
FEDORA-2008-6737 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html | FEDORA |
FEDORA-2008-6706 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html | FEDORA |
FEDORA-2008-6127 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html | FEDORA |
FEDORA-2008-6193 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html | FEDORA |
FEDORA-2008-6196 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html | FEDORA |