CVE-2008-5017

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.x prior to 3.0.4 Mozilla Firefox versions 2.x prior to 2.0.0.18 Thunderbird versions 2.x prior to 2.0.0.18 SeaMonkey versions 1.x prior to 1.1.13 libxul0d-dbg (affected versions not specified) libxul-dev (affected versions not specified) libsmjs1 (affected versions not specified) libmozjs0d-dbg (affected versions not specified) libmozjs0d (affected versions not specified) libxul0d (affected versions not specified) libnss3-0d-dbg (affected versions not specified) libsmjs-dev (affected versions not specified) libnss3-0d (affected versions not specified) libxul-common (affected versions not specified)

Description The issue involves multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libsmjs-dev, libnss3-0d, and libxul-common. These vulnerabilities can be exploited remotely, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. Additionally, an integer overflow in the xpcom/io/nsEscape.cpp file in the browser engine of Mozilla Firefox can cause a denial of service (crash) via unknown vectors.

Recommendations For Mozilla Firefox versions 3.x prior to 3.0.4, update to version 3.0.4 or later. For Mozilla Firefox versions 2.x prior to 2.0.0.18, update to version 2.0.0.18 or later. For Thunderbird versions 2.x prior to 2.0.0.18, update to version 2.0.0.18 or later. For SeaMonkey versions 1.x prior to 1.1.13, update to version 1.1.13 or later. For libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libsmjs-dev, libnss3-0d, and libxul-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.