Vulnerability Details : CVE-2008-4062
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Threat overview for CVE-2008-4062
Top countries where our scanners detected CVE-2008-4062
Top open port discovered on systems with this issue
5555
IPs affected by CVE-2008-4062 121
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2008-4062!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-4062
Probability of exploitation activity in the next 30 days: 2.83%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-4062
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-4062
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4062
-
http://www.redhat.com/support/errata/RHSA-2008-0882.html
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0908.html
Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
Third Party Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
Third Party Advisory
-
http://www.ubuntu.com/usn/usn-647-1
Third Party Advisory
-
http://www.ubuntu.com/usn/usn-645-2
Third Party Advisory
-
http://www.ubuntu.com/usn/usn-645-1
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1696
[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilitiesThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=444608
Issue Tracking;Vendor Advisory
-
http://www.securitytracker.com/id?1020916
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2008/2661
Third Party Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=367736
Issue Tracking;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45355
Third Party Advisory;VDB Entry
-
http://www.debian.org/security/2008/dsa-1649
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10206
Third Party Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1697
[SECURITY] [DSA 1697-1] New iceape packages fix several vulnerabilitiesThird Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
Third Party Advisory
-
http://www.securityfocus.com/bid/31346
Third Party Advisory;VDB Entry
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Broken Link
-
http://www.redhat.com/support/errata/RHSA-2008-0879.html
Third Party Advisory
-
http://www.debian.org/security/2008/dsa-1669
[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilitiesThird Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
Third Party Advisory
-
http://download.novell.com/Download?buildid=WZXONb-tqBw~
Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=445229
Issue Tracking;Vendor Advisory
-
http://www.vupen.com/english/advisories/2009/0977
Webmail: access your OVH emails on ovhcloud.com | OVHcloudThird Party Advisory
-
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
Third Party Advisory
Products affected by CVE-2008-4062
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*