CVE-2008-5502 : The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.

Published 2008-12-17 23:30:00

Updated 2018-11-08 20:11:51

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2008-5502

Probability of exploitation activity in the next 30 days: 4.64%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5502

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2008-5502

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5502

http://www.redhat.com/support/errata/RHSA-2008-1036.html

Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

Third Party Advisory

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2009-0002.html

Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=458679

Issue Tracking;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-1037.html

Third Party Advisory

CVEs referencing this url
http://www.mozilla.org/security/announce/2008/mfsa2008-60.html

Vendor Advisory

CVEs referencing this url
https://usn.ubuntu.com/690-1/

Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1021417

Third Party Advisory;VDB Entry

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/47408

Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/32882

Third Party Advisory;VDB Entry

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10001

Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Broken Link

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/0977

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2008-5502

Mozilla » Firefox
Versions from including (>=) 3.0 and before (<) 3.0.5
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions from including (>=) 2.0 and before (<) 2.0.0.19
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions from including (>=) 1.0 and before (<) 1.1.14
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 8.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-5502

Exploit prediction scoring system (EPSS) score for CVE-2008-5502

CVSS scores for CVE-2008-5502

CWE ids for CVE-2008-5502

References for CVE-2008-5502

Products affected by CVE-2008-5502