Unrated severityNVD Advisory· Published Sep 24, 2008· Updated Jun 16, 2026
CVE-2008-4063
CVE-2008-4063
Description
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=3.0.1
- cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
- (no CPE)range: <3.0.2
cpe:2.3:o:canonical:ubuntu_linux:6.06:-:lts:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
30- secunia.com/advisories/31987nvdVendor Advisory
- secunia.com/advisories/32011nvdVendor Advisory
- secunia.com/advisories/32012nvdVendor Advisory
- secunia.com/advisories/32025nvdVendor Advisory
- secunia.com/advisories/32044nvdVendor Advisory
- secunia.com/advisories/32082nvdVendor Advisory
- secunia.com/advisories/32089nvdVendor Advisory
- secunia.com/advisories/32095nvdVendor Advisory
- secunia.com/advisories/32096nvdVendor Advisory
- secunia.com/advisories/32196nvdVendor Advisory
- secunia.com/advisories/34501nvdVendor Advisory
- www.mozilla.org/security/announce/2008/mfsa2008-42.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.htmlnvd
- slackware.com/security/viewer.phpnvd
- slackware.com/security/viewer.phpnvd
- sunsolve.sun.com/search/document.donvd
- www.redhat.com/support/errata/RHSA-2008-0879.htmlnvd
- www.securityfocus.com/bid/31346nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-645-1nvd
- www.ubuntu.com/usn/usn-645-2nvd
- www.ubuntu.com/usn/usn-647-1nvd
- www.vupen.com/english/advisories/2008/2661nvd
- www.vupen.com/english/advisories/2009/0977nvd
- bugzilla.mozilla.org/show_bug.cginvd
- bugzilla.mozilla.org/show_bug.cginvd
- bugzilla.mozilla.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45354nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11151nvd
- www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.htmlnvd
News mentions
0No linked articles in our index yet.