CVE-2008-4324 - Vulnerability Details - OpenCVE

The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows Xp
Mozilla	Firefox

Configuration 1 [-]

AND

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

No data.

References

Link	Providers
http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php
http://secunia.com/advisories/32040
http://securityreason.com/securityalert/4321
http://www.secniche.org/moz303.html
http://www.secniche.org/moz303/index.html
http://www.securityfocus.com/archive/1/496807/100/0/threaded
http://www.securityfocus.com/archive/1/496846/100/0/threaded
http://www.securityfocus.com/bid/31476
https://www.exploit-db.com/exploits/6614

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-29T20:00:00

Updated: 2024-08-07T10:08:35.121Z

Reserved: 2008-09-29T00:00:00

Link: CVE-2008-4324

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-09-29T20:09:59.687

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4324

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4321", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4321"}, {"name": "32040", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32040"}, {"tags": ["x_refsource_MISC"], "url": "http://www.secniche.org/moz303.html"}, {"name": "31476", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31476"}, {"tags": ["x_refsource_MISC"], "url": "http://www.secniche.org/moz303/index.html"}, {"name": "6614", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6614"}, {"name": "20080928 Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/496807/100/0/threaded"}, {"name": "20080930 Re: Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/496846/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4324", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4321", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4321"}, {"name": "32040", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32040"}, {"name": "http://www.secniche.org/moz303.html", "refsource": "MISC", "url": "http://www.secniche.org/moz303.html"}, {"name": "31476", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31476"}, {"name": "http://www.secniche.org/moz303/index.html", "refsource": "MISC", "url": "http://www.secniche.org/moz303/index.html"}, {"name": "6614", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6614"}, {"name": "20080928 Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/496807/100/0/threaded"}, {"name": "20080930 Re: Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/496846/100/0/threaded"}, {"name": "http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php", "refsource": "MISC", "url": "http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:35.121Z"}, "title": "CVE Program Container", "references": [{"name": "4321", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4321"}, {"name": "32040", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32040"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.secniche.org/moz303.html"}, {"name": "31476", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31476"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.secniche.org/moz303/index.html"}, {"name": "6614", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6614"}, {"name": "20080928 Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/496807/100/0/threaded"}, {"name": "20080930 Re: Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/496846/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4324", "datePublished": "2008-09-29T20:00:00", "dateReserved": "2008-09-29T00:00:00", "dateUpdated": "2024-08-07T10:08:35.121Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected."}, {"lang": "es", "value": "El despachador de eventos de la interfaz de usuario en Mozilla Firefox versi\u00f3n 3.0.3, en Windows XP SP2, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y bloqueo de aplicaci\u00f3n) por medio de una serie de eventos de keypress, click, onkeydown, onkeyup, onmousedown, y onmouseup. NOTA: m\u00e1s tarde se report\u00f3 que Firefox versi\u00f3n 3.0.2 en Mac OS X versi\u00f3n 10.5 tambi\u00e9n est\u00e1 afectado."}], "id": "CVE-2008-4324", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-29T20:09:59.687", "references": [{"source": "cve@mitre.org", "url": "http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32040"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securityreason.com/securityalert/4321"}, {"source": "cve@mitre.org", "url": "http://www.secniche.org/moz303.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.secniche.org/moz303/index.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/496807/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/496846/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31476"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securityreason.com/securityalert/4321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.secniche.org/moz303.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.secniche.org/moz303/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/496807/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/496846/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6614"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}