CVE-2008-2785 (retired)

Priority
Description
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before
2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as
a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array)
data structure, which allows remote attackers to execute arbitrary code via
a large number of references to a common CSS object, leading to a counter
overflow and a free of in-use memory, aka ZDI-CAN-349.
Notes
Package
Upstream:released (2.0.0.16)
Package
Upstream:released (3.0.1)
Package
Upstream:needed
Package
Upstream:needed
Package
Priority: Low
Upstream:needs-triage
Package
Upstream:needed
Package
Priority: Low
Upstream:released (2.0.0.16)
Package
Upstream:released (1.8.1.18)
Package
Upstream:released (1.9.0.1)
More Information

Updated: 2019-10-09 07:11:11 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)