CVE-2008-0412

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

🔗 References (130)

• secalert@redhathttp://browser.netscape.com/releasenotes/
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
• secalert@redhathttp://secunia.com/advisories/28754
• secalert@redhathttp://secunia.com/advisories/28758
• secalert@redhathttp://secunia.com/advisories/28766
• secalert@redhathttp://secunia.com/advisories/28808
• secalert@redhathttp://secunia.com/advisories/28815
• secalert@redhathttp://secunia.com/advisories/28818
• secalert@redhathttp://secunia.com/advisories/28839
• secalert@redhathttp://secunia.com/advisories/28864
• secalert@redhathttp://secunia.com/advisories/28865
• secalert@redhathttp://secunia.com/advisories/28877
• secalert@redhathttp://secunia.com/advisories/28879
• secalert@redhathttp://secunia.com/advisories/28924
• secalert@redhathttp://secunia.com/advisories/28939