CVE-2008-2934

moderate-risk

Published 2008-07-18

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

Do I need to act?

5.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (2)

Mac Os X

Ubuntu Linux

Affected Vendors

Apple Canonical

References (24)

Broken Link http://secunia.com/advisories/31132

Broken Link http://secunia.com/advisories/31270

Broken Link http://secunia.com/advisories/34501

Broken Link http://securitytracker.com/id?1020516

Broken Link http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Vendor Advisory http://www.mozilla.org/security/announce/2008/mfsa2008-36.html

Broken Link http://www.securityfocus.com/bid/30266

Third Party Advisory http://www.ubuntu.com/usn/usn-626-1

Broken Link http://www.vupen.com/english/advisories/2008/2125

Broken Link http://www.vupen.com/english/advisories/2009/0977

Exploit https://bugzilla.mozilla.org/show_bug.cgi?id=441360

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/43850

Broken Link http://secunia.com/advisories/31132

Broken Link http://secunia.com/advisories/31270

Broken Link http://secunia.com/advisories/34501

Broken Link http://securitytracker.com/id?1020516

Broken Link http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Vendor Advisory http://www.mozilla.org/security/announce/2008/mfsa2008-36.html

Broken Link http://www.securityfocus.com/bid/30266

Third Party Advisory http://www.ubuntu.com/usn/usn-626-1

and 4 more references

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 8/34 · Low

Exposure 7/34 · Low