CVE-2008-2807

Published: 07 July 2008

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

iceape
Launchpad, Ubuntu, Debian
Upstream Needs triage

icedove
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
iceweasel
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.15)
mozilla-thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.10)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.16)
xulrunner
Launchpad, Ubuntu, Debian
Upstream Needs triage