ID CVE-2008-5822
Summary Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:libxul
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
CVSS
Base: 5.0 (as of 05-01-2009 - 10:20)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201301-01.NASL
description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
Impact: A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
Workaround: There is no known workaround at this time.
last seen 2019-02-21
modified 2018-11-19
plugin id 63402
published 2013-01-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=63402
title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
refmap via4
misc
xf libxul-class-dos(47758)
statements via4
contributor Joshua Bressers
lastmodified 2009-01-19
organization Red Hat
statement Red Hat does not consider a crash of a client application such as Firefox to be a security issue.
Last major update 30-10-2012 - 23:08
Published 02-01-2009 - 14:30
Last modified 07-08-2017 - 21:33