FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4063

This CVE name corresponds to:

Entered	Topic
2008-09-24	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-4063 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-4063
Phase	Assigned(20080912)

Description

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

References

Source	Reference
CONFIRM	http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=413048
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=433758
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=444452
FEDORA	FEDORA-2008-8425
REDHAT	RHSA-2008:0879
SLACKWARE	SSA:2008-269-02
SLACKWARE	SSA:2008-270-01
SUNALERT	256408
SUSE	SUSE-SA:2008:050
UBUNTU	USN-647-1
UBUNTU	USN-645-1
UBUNTU	USN-645-2
BID	31346
OVAL	oval:org.mitre.oval:def:11151
SECUNIA	34501
SECUNIA	32196
VUPEN	ADV-2008-2661
SECTRACK	1020916
SECUNIA	32025
SECUNIA	32044
SECUNIA	32082
SECUNIA	32089
SECUNIA	32095
SECUNIA	32096
SECUNIA	31987
SECUNIA	32011
SECUNIA	32012
VUPEN	ADV-2009-0977
XF	mozilla-firefox-layout-code-execution(45354)