CVE-2008-5822 - Vulnerability Details - OpenCVE

Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox Libxul

Configuration 1 [-]

AND

cpe:2.3:a:mozilla:libxul:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html
http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/47758

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-02T19:00:00

Updated: 2024-08-07T11:04:44.661Z

Reserved: 2009-01-02T00:00:00

Link: CVE-2008-5822

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-01-02T19:30:01.733

Modified: 2024-11-21T00:54:59.103

Link: CVE-2008-5822

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-31T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "libxul-class-dos(47758)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47758"}, {"tags": ["x_refsource_MISC"], "url": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5822", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "libxul-class-dos(47758)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47758"}, {"name": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt", "refsource": "MISC", "url": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt"}, {"name": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html", "refsource": "MISC", "url": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.661Z"}, "title": "CVE Program Container", "references": [{"name": "libxul-class-dos(47758)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47758"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5822", "datePublished": "2009-01-02T19:00:00", "dateReserved": "2009-01-02T00:00:00", "dateUpdated": "2024-08-07T11:04:44.661Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:libxul:*:*:*:*:*:*:*:*", "matchCriteriaId": "931E15EE-DAD4-4C9E-AD57-C4E324DC3672", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document."}, {"lang": "es", "value": "Fugas de memoria en Libxul, como las utilizadas en Mozilla Firefox v3.0.5 y otros productos, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y cuelgue del navegador) a trav\u00e9s del un atributo CLASS largo en un elemento HR de un documento HTML."}], "id": "CVE-2008-5822", "lastModified": "2024-11-21T00:54:59.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-02T19:30:01.733", "references": [{"source": "cve@mitre.org", "url": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47758"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider a crash of a client application such as Firefox to be a security issue.", "lastModified": "2009-01-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}