漏洞信息(CVE-2008-4062)

一、漏洞 CVE-2008-4062 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

在Mozilla Firefox 2.0.0.17 和 3.x 之前版本(3.0.2 之前), thunderbird 2.0.0.17 和 SeaMonkey 1.1.12 之间存在多个未描述的漏洞，这些漏洞允许远程攻击者通过与 JavaScript 引擎相关的向量执行任意代码。这些漏洞包括： 1. jsxml.c中的命名空间和键名特征的误解。 2. nsEscapeCount函数中 signed 整数的滥用。 3. JavaScript 垃圾回收与在某些情况下使用 NPObject 的 nsNPObjWrapper::GetNewOrUsed函数中的某些 NPObject 的相互作用。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Mozilla Firefox JavaScript引擎多个未明安全漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Firefox是Mozilla所发布的开源WEB浏览器。 Firefox中的多个安全漏洞允许恶意用户泄露敏感信息、绕过安全限制、执行欺骗攻击或入侵用户系统。由于代码共享，Thunderbird和SeaMonkey也受这些漏洞的影响。JavaScript引擎中的多个未明安全漏洞可能导致内存破坏和拒绝服务攻击，该漏洞包括： (1) jsxml.c中Namespace 和 QName特征的错误解释； (2) nsEscape.cpp中函数nsEscapeCount无符号整数错误使用； (3) nsJSNPRun

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

资源管理错误

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2008-4062 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2008-4062 的情报信息

https://bugzilla.mozilla.org/show_bug.cgi?id=445229 x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=367736 x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=444608 x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html x_refsource_CONFIRM
http://download.novell.com/Download?buildid=WZXONb-tqBw~ x_refsource_CONFIRM
http://secunia.com/advisories/32196 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/33433 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32042 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32025 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32095 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32089 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32092 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/31987 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32007 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32845 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32012 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/33434 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32044 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/34501 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32082 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32144 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32011 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32096 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32185 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32010 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/31346 vdb-entry x_refsource_BID
http://secunia.com/advisories/31985 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/31984 third-party-advisory x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 vendor-advisory x_refsource_SUNALERT
http://www.securitytracker.com/id?1020916 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2009/dsa-1697 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2008/dsa-1649 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2009/dsa-1696 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2008/dsa-1669 vendor-advisory x_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-645-2 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/usn-645-1 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/usn-647-1 vendor-advisory x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2008/2661 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/0977 vdb-entry x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0882.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0879.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0908.html vendor-advisory x_refsource_REDHAT
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123 vendor-advisory x_refsource_SLACKWARE
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232 vendor-advisory x_refsource_SLACKWARE
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422 vendor-advisory x_refsource_SLACKWARE
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html vendor-advisory x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html vendor-advisory x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html vendor-advisory x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html vendor-advisory x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10206 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/45355 vdb-entry x_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2008-4062

一、 漏洞 CVE-2008-4062 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2008-4062 的公开POC

三、漏洞 CVE-2008-4062 的情报信息

一、漏洞 CVE-2008-4062 基础信息