CVE-2008-4063

Description

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

9.3

CVSS

Severity: Critical

CVSS 2.0 •

EPSS 2.85% Top 15%

Vendor Advisory ubuntu.com Vendor Advisory ubuntu.com Vendor Advisory opensuse.org Vendor Advisory redhat.com Vendor Advisory slackware.com Vendor Advisory sun.com Vendor Advisory redhat.com Vendor Advisory ubuntu.com Vendor Advisory slackware.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory mozilla.org

Affected: n/a n/a

References

Link	Tags
http://secunia.com/advisories/32025	third party advisory vendor advisory
http://secunia.com/advisories/32011	third party advisory vendor advisory
http://www.securitytracker.com/id?1020916	vdb entry
https://bugzilla.mozilla.org/show_bug.cgi?id=413048
http://secunia.com/advisories/32096	third party advisory vendor advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html	vendor advisory
http://www.ubuntu.com/usn/usn-645-1	vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45354	vdb entry
http://www.vupen.com/english/advisories/2009/0977	vdb entry
http://www.ubuntu.com/usn/usn-645-2	vendor advisory
http://www.securityfocus.com/bid/31346	vdb entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11151	signature vdb entry
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html	vendor advisory
http://secunia.com/advisories/32196	third party advisory vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html	vendor advisory
http://www.vupen.com/english/advisories/2008/2661	vdb entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422	vendor advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=444452
http://secunia.com/advisories/32095	third party advisory vendor advisory
http://secunia.com/advisories/32089	third party advisory vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	vendor advisory
http://www.redhat.com/support/errata/RHSA-2008-0879.html	vendor advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=433758
http://secunia.com/advisories/31987	third party advisory vendor advisory
http://www.ubuntu.com/usn/usn-647-1	vendor advisory
http://secunia.com/advisories/32012	third party advisory vendor advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123	vendor advisory
http://secunia.com/advisories/32044	third party advisory vendor advisory
http://secunia.com/advisories/34501	third party advisory vendor advisory
http://secunia.com/advisories/32082	third party advisory vendor advisory

Frequently Asked Questions

What is the severity of CVE-2008-4063?: CVE-2008-4063 has been scored as a critical severity vulnerability.
How to fix CVE-2008-4063?: To fix CVE-2008-4063, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2008-4063 being actively exploited in the wild?: It is possible that CVE-2008-4063 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.