CVE-2008-2785 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785): Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact and remote attack vectors, aka ZDI-CAN-349.
nothing to see here (et), move along No information available at the moment, so this bug is just to keep track of the issue http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30 There is also CVE-2008-2786, which could be related. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2786
Mozilla writes: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's internal CSSValue array data structure. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. Fixed in 2.0.0.16, handling this in the other bug. *** This bug has been marked as a duplicate of bug 231975 ***
