FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4061

This CVE name corresponds to:

Entered	Topic
2008-09-24	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-4061 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-4061
Phase	Assigned(20080912)

Description

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.

References

Source	Reference
CONFIRM	http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=443089
CONFIRM	http://download.novell.com/Download?buildid=WZXONb-tqBw~
DEBIAN	DSA-1669
DEBIAN	DSA-1697
DEBIAN	DSA-1696
FEDORA	FEDORA-2008-8401
FEDORA	FEDORA-2008-8429
FEDORA	FEDORA-2008-8425
MANDRIVA	MDVSA-2008:205
MANDRIVA	MDVSA-2008:206
REDHAT	RHSA-2008:0908
REDHAT	RHSA-2008:0879
REDHAT	RHSA-2008:0882
SLACKWARE	SSA:2008-269-01
SLACKWARE	SSA:2008-269-02
SLACKWARE	SSA:2008-270-01
SUNALERT	256408
SUSE	SUSE-SA:2008:050
UBUNTU	USN-647-1
UBUNTU	USN-645-1
UBUNTU	USN-645-2
BID	31346
SECUNIA	34501
VUPEN	ADV-2008-2661
SECTRACK	1020916
SECUNIA	32042
SECUNIA	32025
SECUNIA	32092
SECUNIA	32144
SECUNIA	32044
SECUNIA	32082
SECUNIA	32089
SECUNIA	32095
SECUNIA	32096
SECUNIA	32845
SECUNIA	31984
SECUNIA	31985
SECUNIA	31987
SECUNIA	32007
SECUNIA	32010
SECUNIA	32011
SECUNIA	32012
SECUNIA	33433
SECUNIA	33434
VUPEN	ADV-2009-0977
XF	multiple-mozilla-layout-code-execution(45351)