CVE-2008-2785 - компьютерная безопасность: уязвимости и эксплоиты

[RU] switch to
English Version

CVE CVE-2008-2785
Статус Candidate
Описание Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
Важность High
CVSS score 9,3
CVSS vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase Assigned (13.05.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
References BID : 29802
BUGTRAQ : 20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
BUGTRAQ : 20080729 rPSA-2008-0238-1 firefox
CONFIRM : http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238
CONFIRM : http://www.mozilla.org/security/announce/2008/mfsa...
CONFIRM : http://www.novell.com/support/search.do?cmd=displa...
CONFIRM : https://bugzilla.mozilla.org/show_bug.cgi?id=440230
CONFIRM : https://issues.rpath.com/browse/RPL-2683
DEBIAN : DSA-1614
DEBIAN : DSA-1615
DEBIAN : DSA-1621
DEBIAN : DSA-1697
FEDORA : FEDORA-2008-6517
FEDORA : FEDORA-2008-6519
FEDORA : FEDORA-2008-6706
FEDORA : FEDORA-2008-6737
GENTOO : GLSA-200808-03
MANDRIVA : MDVSA-2008:148
MANDRIVA : MDVSA-2008:155
MISC : http://blog.mozilla.com/security/2008/06/18/new-se...
MISC : http://dvlabs.tippingpoint.com/blog/2008/06/18/vul...
MISC : http://www.zerodayinitiative.com/advisories/ZDI-08...
OVAL : oval:org.mitre.oval:def:9900
REDHAT : RHSA-2008:0597
REDHAT : RHSA-2008:0598
REDHAT : RHSA-2008:0599
REDHAT : RHSA-2008:0616
SECTRACK : 1020336
SECUNIA : 30761
SECUNIA : 31121
SECUNIA : 31122
SECUNIA : 31129
SECUNIA : 31144
SECUNIA : 31145
SECUNIA : 31154
SECUNIA : 31157
SECUNIA : 31176
SECUNIA : 31183
SECUNIA : 31195
SECUNIA : 31220
SECUNIA : 31253
SECUNIA : 31261
SECUNIA : 31270
SECUNIA : 31286
SECUNIA : 31306
SECUNIA : 31377
SECUNIA : 31403
SECUNIA : 33433
SECUNIA : 34501
SLACKWARE : SSA:2008-198-01
SLACKWARE : SSA:2008-198-02
SLACKWARE : SSA:2008-210-05
SUNALERT : 256408
UBUNTU : USN-623-1
UBUNTU : USN-626-1
UBUNTU : USN-626-2
UBUNTU : USN-629-1
VUPEN : ADV-2008-1873
VUPEN : ADV-2009-0977
XF : firefox-unspecified-code-execution(43167)
SecurityVulns: Многочисленные уязвимости безопасности в Mozilla Firefox / Thunderbird / Seamonkey

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

test server