ID CVE-2008-2934
Summary Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
CVSS
Base: 6.8 (as of 08-02-2024 - 23:43)
Impact:
Exploitability:
CWE CWE-908
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 30266
confirm
sectrack 1020516
secunia
  • 31132
  • 31270
  • 34501
sunalert 256408
ubuntu USN-626-1
vupen
  • ADV-2008-2125
  • ADV-2009-0977
xf firefox-gif-code-execution(43850)
statements via4
contributor Tomas Hoger
lastmodified 2008-07-21
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of firefox as shipped with Red Hat Enterprise Linux 4, or 5.
Last major update 08-02-2024 - 23:43
Published 18-07-2008 - 16:41
Last modified 08-02-2024 - 23:43