CVE-2008-5502

Publication date 17 December 2008

Last updated 24 July 2024

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox-3.0	9.10 karmic	Not in release
	9.04 jaunty	Fixed 3.0.5+nobinonly-0ubuntu1
	8.10 intrepid	Fixed 3.0.5+nobinonly-0ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 3.0.5+nobinonly-0ubuntu0.8.04.1
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
iceape	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
mozilla-thunderbird	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1
seamonkey	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 1.1.17+nobinonly-0ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 1.1.17+nobinonly-0ubuntu0.8.04.1
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
thunderbird	9.10 karmic	Fixed 2.0.0.19+nobinonly-0ubuntu1
	9.04 jaunty	Fixed 2.0.0.19+nobinonly-0ubuntu1
	8.10 intrepid	Fixed 2.0.0.19+nobinonly-0ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 2.0.0.19+nobinonly-0ubuntu0.8.04.1
	7.10 gutsy	Fixed 2.0.0.19+nobinonly-0ubuntu0.7.10.1
	6.06 LTS dapper	Not in release
xulrunner-1.9	9.10 karmic	Not in release
	9.04 jaunty	Fixed 1.9.0.5+nobinonly-0ubuntu1
	8.10 intrepid	Fixed 1.9.0.5+nobinonly-0ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 1.9.0.5+nobinonly-0ubuntu0.8.04.1
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release

CVE-2008-5502

Status

References

Related Ubuntu Security Notices (USN)

Other references