CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5500

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile4.23th
PublishedDec 17, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

>= 2.0 and < 2.0.0.19
πŸ“¦
Mozilla

Firefox

>= 3.0 and < 3.0.5
πŸ“¦
Mozilla

Seamonkey

>= 1.0 and < 1.1.14
πŸ“¦
Mozilla

Thunderbird

>= 2.0 and < 2.0.0.19
πŸ’»
Canonical

Ubuntu Linux

= 6.06
πŸ’»
Canonical

Ubuntu Linux

= 7.10
πŸ’»
Canonical

Ubuntu Linux

= 8.04
πŸ’»
Canonical

Ubuntu Linux

= 8.10
πŸ’»
Debian

Debian Linux

= 4.0
πŸ’»
Debian

Debian Linux

= 5.0

References & Advisories

πŸ”— http://secunia.com/advisories/33184
πŸ”— http://secunia.com/advisories/33188
πŸ”— http://secunia.com/advisories/33189
πŸ”— http://secunia.com/advisories/33203
πŸ”— http://secunia.com/advisories/33204
πŸ”— http://secunia.com/advisories/33205
πŸ”— http://secunia.com/advisories/33216
πŸ”— http://secunia.com/advisories/33231

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...