Sign-up

ID

VAR-200807-0073


CVE

CVE-2008-2934


TITLE

Mac OS X  for  Mozilla Firefox  Vulnerability that allows arbitrary code execution in

Trust: 0.8

sources: JVNDB: JVNDB-2008-001568

DESCRIPTION

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. Mozilla Firefox for Mac OS X is prone to a memory-corruption vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application. This issue affects Firefox 3.0. Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 13 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. Learn more / Download (instant access): http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Javascript Garbage Collector Vulnerability SECUNIA ADVISORY ID: SA29787 VERIFY ADVISORY: http://secunia.com/advisories/29787/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/ DESCRIPTION: A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the Javascript Garbage Collector and can be exploited to cause a memory corruption via specially crafted Javascript code. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 2.0.0.13. Prior versions may also be affected. SOLUTION: Update to version 2.0.0.14. http://www.mozilla.com/en-US/firefox/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Mozilla Foundation: http://www.mozilla.org/security/announce/2008/mfsa2008-20.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. For more information: SA30761 SA30911 SA31120 SA31132 SA31984 SA32007 SA32192 SA32693 SA32713 SA33203 SOLUTION: Apply patches. -- SPARC Platform -- Firefox 2.0 for Solaris 10: Apply patch 125539-06 or later. OpenSolaris: Fixed in build snv_95 or later. -- x86 Platform -- Firefox 2.0 for Solaris 10: Apply patch 125540-06 or later. OpenSolaris: Fixed in build snv_95 or later. =========================================================== Ubuntu Security Notice USN-626-1 July 29, 2008 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2008-2785, CVE-2008-2933, CVE-2008-2934 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: firefox-3.0 3.0.1+build1+nobinonly-0ubuntu0.8.04.3 xulrunner-1.9 1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3 After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz Size/MD5: 105875 20bf75de131b805b31602d03f76edcdb http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc Size/MD5: 1605 0a4c85fb6f3771e494cb2596eb174f42 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly.orig.tar.gz Size/MD5: 10830088 546304d00e486587023418bef4c8c17e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz Size/MD5: 77642 dd673f6d7523c5129df6775c369f55b1 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc Size/MD5: 1669 7fbd2e794a99288141e6c5fd6ca7bb8b http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly.orig.tar.gz Size/MD5: 40083410 802b0c07675ba0d1cc1819a6dac22c94 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65808 9fb1bd4f57c4ddaf255dec745cfb6394 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65824 9352e1cba510bcaed37478516413e41a http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65784 3ef3e033acca41bf431e196289ff3075 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65776 30a60ceed5a490065dddb86dcbc44917 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65926 093d9772c250695694846c4a862151e4 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65832 2f47d1abc1cfee76a537e665c2a961e3 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65782 852eac738d3bf243f6f3ab707cab7de1 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8978 4ee6943368ba1582827914b014aa0b12 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8964 9df1e05f125072a41decae2f03ed796d http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65808 4cdc3a9a27af41bd6fadf4f9f1271af0 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65774 a12883abab5cdc8fd1be41abec1d2553 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65768 d30e21a3afcf4897450a2220b0448c52 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8944 ddb77e423b0d2fa01775998de6d16074 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65792 662c3740f2451030de9dbeef8915cd53 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 8938 19647a69ea1a19fb20c3d832efb3f667 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 65762 2948beefbc937ce8014246761aa5c42f http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 125048 61ddef6346ed04823e4e08cb8b5915ad http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb Size/MD5: 235166 7dcc225d1e6a35d1c72d83478b264b03 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 9030 51c56b6eb17a90596664e5de1efcfaf0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 29598 bdb8fd33fbb551fba94829b6de8f48c8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 1086692 9e85d93762021da9663079eb43a806ec http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 4034992 ded5cd52011190445b8cdbbc387dbb0e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 48708 63a365a1ed33bdd9f3e86c704639c54b http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb Size/MD5: 9020046 ce8df3e6a4d09ac7c1429f63a69bb164 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 9032 9655df6f35d580fcd316fdbe35b25c44 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 25740 b449c8c524b7cb50e05a5092bb1692ad http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 1064456 58ffa05cc64086c5c51ff694beca780d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 4016584 3c8e123c09ff04f63cde52effc867f0d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 38500 8934fc3c6cdfa988ad9dee140be7373d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb Size/MD5: 7749536 7ef6da6f25b7e0878419acccc052da3f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 9028 fdd61fb530a3339c1fffbd9ece833d8e http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 25344 7666413c6a56eb14c3708ad2e16470c7 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 1062684 ec46a573876b24eb4748bd01a2bb5435 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 4012106 243d516f2dc244758d3568e4ead4839f http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 37592 d9c551a6e990c7e63b457d7c6166113a http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb Size/MD5: 7639310 ff4c7144795f6fa0a38b0f065c04db8e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 9032 5ffb1ce496a65cc0cfa57405a249426c http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 27506 ee4f59f65df53fdf3e09fa271e290dbc http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 1078404 8ee97515994e3deac2fe7aabbbbe15ab http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 4023136 5342ffc1f46ff68174dca7b3621eeab0 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 43654 649fa96e5214857fff22b53455e99bac http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb Size/MD5: 8595530 7a92e064fe96a000b0d9a507c0827555 . This can be exploited to free an uninitialised pointer via a specially crafted GIF file. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system

Trust: 2.43

sources: NVD: CVE-2008-2934 // JVNDB: JVNDB-2008-001568 // BID: 30266 // VULHUB: VHN-33059 // PACKETSTORM: 65628 // PACKETSTORM: 76459 // PACKETSTORM: 68583 // PACKETSTORM: 68313 // PACKETSTORM: 68617

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:*

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.04

Trust: 1.0

vendor:mozillamodel:firefoxscope:eqversion: -

Trust: 0.8

vendor:mozillamodel:firefoxscope:eqversion:3.0.1

Trust: 0.8

vendor:applemodel:mac os xscope: - version: -

Trust: 0.6

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:sunmodel:solaris 10.0 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:nortelmodel:networks self-service peri workstationscope:eqversion:0

Trust: 0.3

vendor:nortelmodel:networks self-service peri applicationscope:eqversion:0

Trust: 0.3

vendor:nortelmodel:networks self-service mpsscope:eqversion:10000

Trust: 0.3

vendor:nortelmodel:networks self-service ccss7scope:eqversion:-0

Trust: 0.3

vendor:mozillamodel:firefoxscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:interactive responsescope:eqversion:4.0

Trust: 0.3

vendor:mozillamodel:firefoxscope:neversion:3.0.1

Trust: 0.3

sources: BID: 30266 // JVNDB: JVNDB-2008-001568 // CNNVD: CNNVD-200807-309 // NVD: CVE-2008-2934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2934
value: HIGH

Trust: 1.0

NVD: CVE-2008-2934
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200807-309
value: MEDIUM

Trust: 0.6

VULHUB: VHN-33059
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-2934
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33059
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2008-2934
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2008-2934
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-33059 // JVNDB: JVNDB-2008-001568 // CNNVD: CNNVD-200807-309 // NVD: CVE-2008-2934

PROBLEMTYPE DATA

problemtype:CWE-908

Trust: 1.0

problemtype:Use of uninitialized resources (CWE-908) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-94

Trust: 0.1

sources: VULHUB: VHN-33059 // JVNDB: JVNDB-2008-001568 // NVD: CVE-2008-2934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200807-309

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200807-309

PATCH

title:mfsa2008-36 Mozilla Foundation  Security advisoryurl:http://www.mozilla.org/security/announce/2008/mfsa2008-36.html

Trust: 0.8

sources: JVNDB: JVNDB-2008-001568

EXTERNAL IDS

db:NVDid:CVE-2008-2934

Trust: 3.7

db:BIDid:30266

Trust: 2.8

db:SECUNIAid:31132

Trust: 2.6

db:SECTRACKid:1020516

Trust: 2.5

db:SECUNIAid:34501

Trust: 1.8

db:SECUNIAid:31270

Trust: 1.8

db:VUPENid:ADV-2009-0977

Trust: 1.7

db:VUPENid:ADV-2008-2125

Trust: 1.7

db:XFid:43850

Trust: 1.4

db:JVNDBid:JVNDB-2008-001568

Trust: 0.8

db:CNNVDid:CNNVD-200807-309

Trust: 0.7

db:UBUNTUid:USN-626-1

Trust: 0.6

db:SUNALERTid:256408

Trust: 0.6

db:VULHUBid:VHN-33059

Trust: 0.1

db:SECUNIAid:29787

Trust: 0.1

db:PACKETSTORMid:65628

Trust: 0.1

db:PACKETSTORMid:76459

Trust: 0.1

db:PACKETSTORMid:68583

Trust: 0.1

db:PACKETSTORMid:68313

Trust: 0.1

db:PACKETSTORMid:68617

Trust: 0.1

sources: VULHUB: VHN-33059 // BID: 30266 // JVNDB: JVNDB-2008-001568 // PACKETSTORM: 65628 // PACKETSTORM: 76459 // PACKETSTORM: 68583 // PACKETSTORM: 68313 // PACKETSTORM: 68617 // CNNVD: CNNVD-200807-309 // NVD: CVE-2008-2934

REFERENCES

url:http://securitytracker.com/id?1020516

Trust: 2.5

url:http://www.securityfocus.com/bid/30266

Trust: 2.5

url:http://secunia.com/advisories/31132

Trust: 2.5

url:http://www.mozilla.org/security/announce/2008/mfsa2008-36.html

Trust: 2.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Trust: 1.7

url:http://secunia.com/advisories/31270

Trust: 1.7

url:http://secunia.com/advisories/34501

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/0977

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-626-1

Trust: 1.7

url:https://bugzilla.mozilla.org/show_bug.cgi?id=441360

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/43850

Trust: 1.4

url:http://www.frsirt.com/english/advisories/2008/2125

Trust: 1.4

url:http://www.vupen.com/english/advisories/2008/2125

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/43850

Trust: 1.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2934

Trust: 0.8

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-256408-1

Trust: 0.4

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.4

url:http://www.mozilla.com/en-us/

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2009-158.htm

Trust: 0.3

url:http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=909495

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.3

url:http://secunia.com/about_secunia_advisories/

Trust: 0.3

url:http://www.mozilla.com/en-us/firefox/

Trust: 0.2

url:http://secunia.com/advisories/30761/

Trust: 0.2

url:http://secunia.com/advisories/31132/

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.dsc

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly.orig.tar.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3.diff.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_lpia.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly.orig.tar.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_i386.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb

Trust: 0.2

url:http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.1+build1+nobinonly-0ubuntu0.8.04.3_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3_all.deb

Trust: 0.2

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.2

url:http://secunia.com/secunia_security_specialist/

Trust: 0.2

url:http://corporate.secunia.com/about_secunia/64/

Trust: 0.2

url:http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

Trust: 0.1

url:http://secunia.com/network_software_inspector_2/

Trust: 0.1

url:http://secunia.com/advisories/29787/

Trust: 0.1

url:http://secunia.com/product/12434/

Trust: 0.1

url:http://secunia.com/advisories/32693/

Trust: 0.1

url:http://secunia.com/advisories/34501/

Trust: 0.1

url:http://secunia.com/advisories/32192/

Trust: 0.1

url:http://secunia.com/advisories/33203/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/32007/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/32713/

Trust: 0.1

url:http://secunia.com/advisories/31984/

Trust: 0.1

url:http://secunia.com/advisories/31120/

Trust: 0.1

url:http://secunia.com/advisories/30911/

Trust: 0.1

url:http://secunia.com/advisories/try_vi/request_2008_report/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2933

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2785

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://secunia.com/product/19089/

Trust: 0.1

url:http://secunia.com/advisories/31106/

Trust: 0.1

url:http://secunia.com/advisories/31270/

Trust: 0.1

url:http://secunia.com/product/18611/

Trust: 0.1

url:https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-july/000735.html

Trust: 0.1

sources: VULHUB: VHN-33059 // BID: 30266 // JVNDB: JVNDB-2008-001568 // PACKETSTORM: 65628 // PACKETSTORM: 76459 // PACKETSTORM: 68583 // PACKETSTORM: 68313 // PACKETSTORM: 68617 // CNNVD: CNNVD-200807-309 // NVD: CVE-2008-2934

CREDITS

Drew Yao

Trust: 0.9

sources: BID: 30266 // CNNVD: CNNVD-200807-309

SOURCES

db:VULHUBid:VHN-33059
db:BIDid:30266
db:JVNDBid:JVNDB-2008-001568
db:PACKETSTORMid:65628
db:PACKETSTORMid:76459
db:PACKETSTORMid:68583
db:PACKETSTORMid:68313
db:PACKETSTORMid:68617
db:CNNVDid:CNNVD-200807-309
db:NVDid:CVE-2008-2934

LAST UPDATE DATE

2025-04-10T22:42:01.645000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-33059date:2017-08-08T00:00:00
db:BIDid:30266date:2009-05-15T23:46:00
db:JVNDBid:JVNDB-2008-001568date:2024-02-29T04:53:00
db:CNNVDid:CNNVD-200807-309date:2009-04-16T00:00:00
db:NVDid:CVE-2008-2934date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-33059date:2008-07-18T00:00:00
db:BIDid:30266date:2008-07-16T00:00:00
db:JVNDBid:JVNDB-2008-001568date:2008-08-13T00:00:00
db:PACKETSTORMid:65628date:2008-04-18T18:12:52
db:PACKETSTORMid:76459date:2009-04-08T15:48:03
db:PACKETSTORMid:68583date:2008-07-29T01:00:42
db:PACKETSTORMid:68313date:2008-07-18T08:29:19
db:PACKETSTORMid:68617date:2008-07-30T02:11:40
db:CNNVDid:CNNVD-200807-309date:2008-07-18T00:00:00
db:NVDid:CVE-2008-2934date:2008-07-18T16:41:00