CVE-2008-2934
Published: 18 July 2008
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(MacOS X only)
|
feisty |
Not vulnerable
(MacOS X only)
|
|
gutsy |
Not vulnerable
(MacOS X only)
|
|
hardy |
Not vulnerable
(MacOS X only)
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
(MacOS X only)
|
|
hardy |
Not vulnerable
(MacOS X only)
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
(MacOS X only)
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
icedove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(MacOS X only)
|
feisty |
Not vulnerable
(MacOS X only)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
(MacOS X only)
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
(MacOS X only)
|
|
hardy |
Not vulnerable
(MacOS X only)
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Not vulnerable
(MacOS X only)
|
|
gutsy |
Not vulnerable
(MacOS X only)
|
|
hardy |
Not vulnerable
(MacOS X only)
|
|
upstream |
Not vulnerable
(MacOS X only)
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
(MacOS X only)
|
|
hardy |
Not vulnerable
(MacOS X only)
|
|
upstream |
Not vulnerable
(MacOS X only)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |