CVE-2008-4062

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 2.0.0.17 Mozilla Firefox 3.x versions prior to 3.0.2 Thunderbird versions prior to 2.0.0.17 SeaMonkey versions prior to 1.1.12

Description The issue involves multiple unspecified vulnerabilities that can cause a denial of service or possibly execute arbitrary code via vectors related to the JavaScript engine. This includes misinterpretation of the characteristics of Namespace and QName, misuse of signed integers in the nsEscapeCount function, and interaction of JavaScript garbage collection with certain use of an NPObject. The vulnerabilities can be exploited remotely, potentially leading to disruption of confidentiality, integrity, and availability of protected information.

Recommendations For Mozilla Firefox versions prior to 2.0.0.17, update to version 2.0.0.17 or later. For Mozilla Firefox 3.x versions prior to 3.0.2, update to version 3.0.2 or later. For Thunderbird versions prior to 2.0.0.17, update to version 2.0.0.17 or later. For SeaMonkey versions prior to 1.1.12, update to version 1.1.12 or later.