CVE-2008-5017

Impact:
Critical
Public Date:
2008-11-12
Bugzilla:
470883: CVE-2008-5017 Mozilla crash with evidence of memory corruption

The MITRE CVE dictionary describes this issue as:

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

Find out more about CVE-2008-5017 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux Optional Productivity Applications version 5 (thunderbird) RHSA-2008:0976 2008-11-20

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 devhelp 0.12-20.el5 Fixed
Red Hat Enterprise Linux version 5 yelp 2.16.0-22.el5 Fixed
Red Hat Enterprise Linux version 5 nss 3.12.1.1-3.el5 Fixed
Red Hat Enterprise Linux version 4 nss 3.12.1.1-3.el4 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.4-1.el5 Fixed