Vulnerabilities > CVE-2008-4324 - Resource Management Errors vulnerability in Mozilla Firefox 3.0.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Mozilla Firefox 3.0.3 User Interface Null Pointer Dereference Crash. CVE-2008-4324. Dos exploit for windows platform |
| file | exploits/windows/dos/6614.html |
| id | EDB-ID:6614 |
| last seen | 2016-02-01 |
| modified | 2008-09-28 |
| platform | windows |
| port | |
| published | 2008-09-28 |
| reporter | Aditya K Sood |
| source | https://www.exploit-db.com/download/6614/ |
| title | Mozilla Firefox 3.0.3 User Interface Null Pointer Dereference Crash |
| type | dos |
References
- http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php
- http://secunia.com/advisories/32040
- http://securityreason.com/securityalert/4321
- http://www.secniche.org/moz303.html
- http://www.secniche.org/moz303/index.html
- http://www.securityfocus.com/archive/1/496807/100/0/threaded
- http://www.securityfocus.com/archive/1/496846/100/0/threaded
- http://www.securityfocus.com/bid/31476
- https://www.exploit-db.com/exploits/6614