CVE-2008-5052

Firefox 2.0-2.0.0.17, SeaMonkey 1.0-1.1.12, Thunderbird 2.0-2.0.0.17 - DoS via Memory Corruption

Title source: llm
STIX 2.1

Description

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.

References (10)

Core 10
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3146
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32281
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=454113
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021183
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235

Scores

EPSS 0.0348
EPSS Percentile 87.8%

Details

CWE
CWE-399
Status published
Products (3)
mozilla/firefox 2.0 - 2.0.0.18
mozilla/seamonkey 1.0 - 1.1.13
mozilla/thunderbird 2.0 - 2.0.0.18
Published Nov 13, 2008
Tracked Since Feb 18, 2026