CVE-2008-5822 - Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers

CVE-2008-5822

Summary

Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:libxul:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:libxul:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc	http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt
xf	libxul-class-dos(47758)

statements via4

contributor	Joshua Bressers
lastmodified	2009-01-19
organization	Red Hat
statement	Red Hat does not consider a crash of a client application such as Firefox to be a security issue.

Last major update

08-08-2017 - 01:33

Published

02-01-2009 - 19:30

Last modified

08-08-2017 - 01:33