Red Hat Customer Portal

Skip to main content

CVE-2008-4062

Impact:
Critical
Public Date:
2008-09-23
Bugzilla:
463201: CVE-2008-4062 Mozilla crashes with evidence of memory corruption

The MITRE CVE dictionary describes this issue as:

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

Find out more about CVE-2008-4062 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 5 RHSA-2008:0879 2008-09-24
Red Hat Enterprise Linux 4 RHSA-2008:0882 2008-09-24
Red Hat Enterprise Linux 4 (firefox) RHSA-2008:0879 2008-09-24
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2008:0882 2008-09-24
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 2.1 (seamonkey) RHSA-2008:0882 2008-09-24

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 devhelp 0.12-19.el5 Fixed
Red Hat Enterprise Linux version 5 nss 3.12.1.1-1.el5 Fixed
Red Hat Enterprise Linux version 5 yelp 2.16.0-21.el5 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.2-5.el5 Fixed
Red Hat Enterprise Linux version 4 devhelp 0.10-0.10.el4 Fixed
Red Hat Enterprise Linux version 4 seamonkey 1.0.9-26.el4 Fixed

Last Modified