NVD脆弱性詳細

CVE-2008-5500

概要	The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
概要	El motor de diseño de Mozilla Firefox 3.x anterior a 3.0.5 y 2.x anterior a 2.0.0.19, Thunderbird 2.x anterior a 2.0.0.19 y SeaMonkey 1.x anterior a 1.1.14, permite a atacantes remotos provocar una denegación de servicio (caída) y probablemente provocar una corrupción de memoria a través de vectores relacionados con (1) un fallo de aserción o (2) un desbordamiento de entero.
公表日	2008年12月18日8:30
登録日	2021年1月29日13:46
最終更新日	2026年4月23日9:35

CVSS2.0 : HIGH
スコア	10.0
ベクター	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox::::::::	2.0			2.0.0.19
cpe:2.3:a:mozilla:firefox::::::::	3.0			3.0.5
cpe:2.3:a:mozilla:seamonkey::::::::	1.0			1.1.14
cpe:2.3:a:mozilla:thunderbird::::::::	2.0			2.0.0.19
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://secunia.com/advisories/33184	secalert@redhat.com
2	http://secunia.com/advisories/33188	secalert@redhat.com
3	http://secunia.com/advisories/33189	secalert@redhat.com
4	http://secunia.com/advisories/33203	secalert@redhat.com
5	http://secunia.com/advisories/33204	secalert@redhat.com
6	http://secunia.com/advisories/33205	secalert@redhat.com
7	http://secunia.com/advisories/33216	secalert@redhat.com
8	http://secunia.com/advisories/33231	secalert@redhat.com
9	http://secunia.com/advisories/33232	secalert@redhat.com
10	http://secunia.com/advisories/33408	secalert@redhat.com
11	http://secunia.com/advisories/33415	secalert@redhat.com
12	http://secunia.com/advisories/33421	secalert@redhat.com
13	http://secunia.com/advisories/33433	secalert@redhat.com
14	http://secunia.com/advisories/33434	secalert@redhat.com
15	http://secunia.com/advisories/33523	secalert@redhat.com
16	http://secunia.com/advisories/33547	secalert@redhat.com
17	http://secunia.com/advisories/34501	secalert@redhat.com
18	http://secunia.com/advisories/35080	secalert@redhat.com
19	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	secalert@redhat.com
20	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1	secalert@redhat.com
21	http://www.debian.org/security/2009/dsa-1696	secalert@redhat.com
22	http://www.debian.org/security/2009/dsa-1697	secalert@redhat.com
23	http://www.debian.org/security/2009/dsa-1704	secalert@redhat.com
24	http://www.debian.org/security/2009/dsa-1707	secalert@redhat.com
25	http://www.mandriva.com/security/advisories?name=MDVSA-2008:244	secalert@redhat.com
26	http://www.mandriva.com/security/advisories?name=MDVSA-2008:245	secalert@redhat.com
27	http://www.mandriva.com/security/advisories?name=MDVSA-2009:012	secalert@redhat.com
28	http://www.mozilla.org/security/announce/2008/mfsa2008-60.html	secalert@redhat.com
29	http://www.redhat.com/support/errata/RHSA-2008-1036.html	secalert@redhat.com
30	http://www.redhat.com/support/errata/RHSA-2008-1037.html	secalert@redhat.com
31	http://www.redhat.com/support/errata/RHSA-2009-0002.html	secalert@redhat.com
32	http://www.securityfocus.com/bid/32882	secalert@redhat.com
33	http://www.securitytracker.com/id?1021417	secalert@redhat.com
34	http://www.ubuntu.com/usn/usn-690-2	secalert@redhat.com
35	http://www.ubuntu.com/usn/usn-701-1	secalert@redhat.com
36	http://www.ubuntu.com/usn/usn-701-2	secalert@redhat.com
37	http://www.vupen.com/english/advisories/2009/0977	secalert@redhat.com
38	https://bugzilla.mozilla.org/show_bug.cgi?id=460803	secalert@redhat.com
39	https://bugzilla.mozilla.org/show_bug.cgi?id=464998	secalert@redhat.com
40	https://exchange.xforce.ibmcloud.com/vulnerabilities/47406	secalert@redhat.com
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11053	secalert@redhat.com
42	https://usn.ubuntu.com/690-1/	secalert@redhat.com
43	https://usn.ubuntu.com/690-3/	secalert@redhat.com
44	http://secunia.com/advisories/33184	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/33188	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/33189	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/33203	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/33204	af854a3a-2127-422b-91ae-364da2661108
49	http://secunia.com/advisories/33205	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/33216	af854a3a-2127-422b-91ae-364da2661108
51	http://secunia.com/advisories/33231	af854a3a-2127-422b-91ae-364da2661108
52	http://secunia.com/advisories/33232	af854a3a-2127-422b-91ae-364da2661108
53	http://secunia.com/advisories/33408	af854a3a-2127-422b-91ae-364da2661108
54	http://secunia.com/advisories/33415	af854a3a-2127-422b-91ae-364da2661108
55	http://secunia.com/advisories/33421	af854a3a-2127-422b-91ae-364da2661108
56	http://secunia.com/advisories/33433	af854a3a-2127-422b-91ae-364da2661108
57	http://secunia.com/advisories/33434	af854a3a-2127-422b-91ae-364da2661108
58	http://secunia.com/advisories/33523	af854a3a-2127-422b-91ae-364da2661108
59	http://secunia.com/advisories/33547	af854a3a-2127-422b-91ae-364da2661108
60	http://secunia.com/advisories/34501	af854a3a-2127-422b-91ae-364da2661108
61	http://secunia.com/advisories/35080	af854a3a-2127-422b-91ae-364da2661108
62	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	af854a3a-2127-422b-91ae-364da2661108
63	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1	af854a3a-2127-422b-91ae-364da2661108
64	http://www.debian.org/security/2009/dsa-1696	af854a3a-2127-422b-91ae-364da2661108
65	http://www.debian.org/security/2009/dsa-1697	af854a3a-2127-422b-91ae-364da2661108
66	http://www.debian.org/security/2009/dsa-1704	af854a3a-2127-422b-91ae-364da2661108
67	http://www.debian.org/security/2009/dsa-1707	af854a3a-2127-422b-91ae-364da2661108
68	http://www.mandriva.com/security/advisories?name=MDVSA-2008:244	af854a3a-2127-422b-91ae-364da2661108
69	http://www.mandriva.com/security/advisories?name=MDVSA-2008:245	af854a3a-2127-422b-91ae-364da2661108
70	http://www.mandriva.com/security/advisories?name=MDVSA-2009:012	af854a3a-2127-422b-91ae-364da2661108
71	http://www.mozilla.org/security/announce/2008/mfsa2008-60.html	af854a3a-2127-422b-91ae-364da2661108
72	http://www.redhat.com/support/errata/RHSA-2008-1036.html	af854a3a-2127-422b-91ae-364da2661108
73	http://www.redhat.com/support/errata/RHSA-2008-1037.html	af854a3a-2127-422b-91ae-364da2661108
74	http://www.redhat.com/support/errata/RHSA-2009-0002.html	af854a3a-2127-422b-91ae-364da2661108
75	http://www.securityfocus.com/bid/32882	af854a3a-2127-422b-91ae-364da2661108
76	http://www.securitytracker.com/id?1021417	af854a3a-2127-422b-91ae-364da2661108
77	http://www.ubuntu.com/usn/usn-690-2	af854a3a-2127-422b-91ae-364da2661108
78	http://www.ubuntu.com/usn/usn-701-1	af854a3a-2127-422b-91ae-364da2661108
79	http://www.ubuntu.com/usn/usn-701-2	af854a3a-2127-422b-91ae-364da2661108
80	http://www.vupen.com/english/advisories/2009/0977	af854a3a-2127-422b-91ae-364da2661108
81	https://bugzilla.mozilla.org/show_bug.cgi?id=460803	af854a3a-2127-422b-91ae-364da2661108
82	https://bugzilla.mozilla.org/show_bug.cgi?id=464998	af854a3a-2127-422b-91ae-364da2661108
83	https://exchange.xforce.ibmcloud.com/vulnerabilities/47406	af854a3a-2127-422b-91ae-364da2661108
84	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11053	af854a3a-2127-422b-91ae-364da2661108
85	https://usn.ubuntu.com/690-1/	af854a3a-2127-422b-91ae-364da2661108
86	https://usn.ubuntu.com/690-3/	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html