CVE-2008-0017

CVSS v2.0 9.3 (High)

EPSS 15.81 % (96^th)

Affected Products 4

Advisories 6

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

Related CVEs

CVE-2008-5020

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2008-11-13 11:30:01
(16 years ago)
Updated Date: 2018-10-26 14:19:01
(5 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	From	Up To
Mozilla Firefox from 2.0 version and prior 2.0.0.18 version	cpe:2.3:a:mozilla:firefox	>= 2.0	< 2.0.0.18
Mozilla Firefox from 3.0 version and prior 3.0.4 version	cpe:2.3:a:mozilla:firefox	>= 3.0	< 3.0.4
Mozilla Seamonkey from 1.0 version and prior 1.1.13 version	cpe:2.3:a:mozilla:seamonkey	>= 1.0	< 1.1.13

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::*:lts
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:lts
	Canonical Ubuntu Linux 8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10

Configuration #3

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0
	Debian Linux 5.0	cpe:2.3:o:debian:debian_linux:5.0