Bug 246001 (CVE-2008-2786) - www-client/mozilla-firefox<=3.? Buffer Overflow (CVE-2008-2786)
Summary: www-client/mozilla-firefox<=3.? Buffer Overflow (CVE-2008-2786)
Status: RESOLVED INVALID
Alias: CVE-2008-2786
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://xforce.iss.net/xforce/xfdb/43317
Whiteboard: ~1 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-07 21:03 UTC by Stefan Behte (RETIRED)
Modified: 2012-02-09 15:14 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-07 21:03:20 UTC
CVE-2008-2786 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2786):
  Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and
  attack vectors.  NOTE: due to lack of details as of 20080619, it is
  not clear whether this is the same issue as CVE-2008-2785.  A CVE
  identifier has been assigned for tracking purposes.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-07 21:06:33 UTC
It seems there is no public information available; I just opened this issue for tracking purposes.
Comment 2 Anton Bolshakov 2008-12-24 02:10:01 UTC
That exploit published today could be related
http://www.milw0rm.com/exploits/7554
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-25 15:06:20 UTC
It might still be 0day as the source for this was a "uh look I have an exploit for firefox 3 and this is the hash"-post on http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-08 18:07:28 UTC
We should probably contact upstream to sort this out.
Comment 5 Jory A. Pratt gentoo-dev 2010-09-16 13:07:24 UTC
Mozilla has nothing to do here.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-02-09 15:14:23 UTC
Upstream's bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=402735

The crash was caused by a 3rd-party extension (Download accelerator plus) and so it is invalid.