CVE-2008-0420

CVSS v2.0 9.3 (High)
EPSS 11.52 % (95th)
Affected Products 3
Advisories 7

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of uninitialized memory via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

Weaknesses: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-02-12 03:00:00 (16 years ago)
Updated Date: 2018-10-15 22:00:30 (6 years ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Mozilla Firefox 2.0.0.11 and prior versions cpe:2.3:a:mozilla:firefox <= 2.0.0.11
  Mozilla Firefox 0.1 cpe:2.3:a:mozilla:firefox:0.1
  Mozilla Firefox 0.2 cpe:2.3:a:mozilla:firefox:0.2
  Mozilla Firefox 0.3 cpe:2.3:a:mozilla:firefox:0.3
  Mozilla Firefox 0.4 cpe:2.3:a:mozilla:firefox:0.4
  Mozilla Firefox 0.5 cpe:2.3:a:mozilla:firefox:0.5
  Mozilla Firefox 0.6 cpe:2.3:a:mozilla:firefox:0.6
  Mozilla Firefox 0.6.1 cpe:2.3:a:mozilla:firefox:0.6.1
  Mozilla Firefox 0.7 cpe:2.3:a:mozilla:firefox:0.7
  Mozilla Firefox 0.7.1 cpe:2.3:a:mozilla:firefox:0.7.1
  Mozilla Firefox 0.8 cpe:2.3:a:mozilla:firefox:0.8
  Mozilla Firefox 0.9 cpe:2.3:a:mozilla:firefox:0.9
  Mozilla Firefox 0.9.1 cpe:2.3:a:mozilla:firefox:0.9.1
  Mozilla Firefox 0.9.2 cpe:2.3:a:mozilla:firefox:0.9.2
  Mozilla Firefox 0.9.3 cpe:2.3:a:mozilla:firefox:0.9.3
  Mozilla Firefox 1.0 cpe:2.3:a:mozilla:firefox:1.0
  Mozilla Firefox 1.0 Preview Release cpe:2.3:a:mozilla:firefox:1.0:preview_release
  Mozilla Firefox 1.0.3 cpe:2.3:a:mozilla:firefox:1.0.3
  Mozilla Firefox 1.0.5 cpe:2.3:a:mozilla:firefox:1.0.5
  Mozilla Firefox 1.0.8 cpe:2.3:a:mozilla:firefox:1.0.8
  Mozilla Firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5
  Mozilla Firefox 1.5.0.1 cpe:2.3:a:mozilla:firefox:1.5.0.1
  Mozilla Firefox 1.5.0.2 cpe:2.3:a:mozilla:firefox:1.5.0.2
  Mozilla Firefox 1.5.0.4 cpe:2.3:a:mozilla:firefox:1.5.0.4
  Mozilla Firefox 1.5.0.6 cpe:2.3:a:mozilla:firefox:1.5.0.6
  Mozilla Firefox 1.5.0.7 cpe:2.3:a:mozilla:firefox:1.5.0.7
  Mozilla Firefox 1.5.0.9 cpe:2.3:a:mozilla:firefox:1.5.0.9
  Mozilla Firefox 1.5.0.10 cpe:2.3:a:mozilla:firefox:1.5.0.10
  Mozilla Firefox 1.5.0.12 cpe:2.3:a:mozilla:firefox:1.5.0.12
  Mozilla Firefox 2.0 cpe:2.3:a:mozilla:firefox:2.0
  Mozilla Firefox 2.0.0.1 cpe:2.3:a:mozilla:firefox:2.0.0.1
  Mozilla Firefox 2.0.0.2 cpe:2.3:a:mozilla:firefox:2.0.0.2
  Mozilla Firefox 2.0.0.7 cpe:2.3:a:mozilla:firefox:2.0.0.7
  Mozilla Firefox 2.0.0.8 cpe:2.3:a:mozilla:firefox:2.0.0.8
  Mozilla Firefox 2.0.0.9 cpe:2.3:a:mozilla:firefox:2.0.0.9
  Mozilla Firefox 2.0.0.10 cpe:2.3:a:mozilla:firefox:2.0.0.10
  Mozilla Seamonkey 1.1.7 and prior versions cpe:2.3:a:mozilla:seamonkey <= 1.1.7
  Mozilla Seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0
  Mozilla Seamonkey 1.0 Alpha cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  Mozilla Seamonkey 1.0 Beta cpe:2.3:a:mozilla:seamonkey:1.0:beta
  Mozilla Seamonkey 1.0.1 cpe:2.3:a:mozilla:seamonkey:1.0.1
  Mozilla Seamonkey 1.0.2 cpe:2.3:a:mozilla:seamonkey:1.0.2
  Mozilla Seamonkey 1.0.3 cpe:2.3:a:mozilla:seamonkey:1.0.3
  Mozilla Seamonkey 1.0.5 cpe:2.3:a:mozilla:seamonkey:1.0.5
  Mozilla Seamonkey 1.0.6 cpe:2.3:a:mozilla:seamonkey:1.0.6
  Mozilla Seamonkey 1.0.7 cpe:2.3:a:mozilla:seamonkey:1.0.7
  Mozilla Seamonkey 1.0.8 cpe:2.3:a:mozilla:seamonkey:1.0.8
  Mozilla Seamonkey 1.0.9 cpe:2.3:a:mozilla:seamonkey:1.0.9
  Mozilla Seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1
  Mozilla Seamonkey 1.1 Alpha cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  Mozilla Seamonkey 1.1 Beta cpe:2.3:a:mozilla:seamonkey:1.1:beta
  Mozilla Seamonkey 1.1.1 cpe:2.3:a:mozilla:seamonkey:1.1.1
  Mozilla Seamonkey 1.1.2 cpe:2.3:a:mozilla:seamonkey:1.1.2
  Mozilla Seamonkey 1.1.6 cpe:2.3:a:mozilla:seamonkey:1.1.6
  Mozilla Thunderbird 2.0.0.11 and prior versions cpe:2.3:a:mozilla:thunderbird <= 2.0.0.11
  Mozilla Thunderbird 0.1 cpe:2.3:a:mozilla:thunderbird:0.1
  Mozilla Thunderbird 0.5 cpe:2.3:a:mozilla:thunderbird:0.5
  Mozilla Thunderbird 0.6 cpe:2.3:a:mozilla:thunderbird:0.6
  Mozilla Thunderbird 0.7 cpe:2.3:a:mozilla:thunderbird:0.7
  Mozilla Thunderbird 0.8 cpe:2.3:a:mozilla:thunderbird:0.8
  Mozilla Thunderbird 0.9 cpe:2.3:a:mozilla:thunderbird:0.9
  Mozilla Thunderbird 1.0 cpe:2.3:a:mozilla:thunderbird:1.0
  Mozilla Thunderbird 1.0.2 cpe:2.3:a:mozilla:thunderbird:1.0.2
  Mozilla Thunderbird 1.0.5 cpe:2.3:a:mozilla:thunderbird:1.0.5
  Mozilla Thunderbird 1.0.6 cpe:2.3:a:mozilla:thunderbird:1.0.6
  Mozilla Thunderbird 1.0.8 cpe:2.3:a:mozilla:thunderbird:1.0.8
  Mozilla Thunderbird 1.5 cpe:2.3:a:mozilla:thunderbird:1.5
  Mozilla Thunderbird 1.5.0.2 cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  Mozilla Thunderbird 1.5.0.4 cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  Mozilla Thunderbird 1.5.0.5 cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  Mozilla Thunderbird 1.5.0.7 cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  Mozilla Thunderbird 1.5.0.9 cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  Mozilla Thunderbird 1.5.0.12 cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  Mozilla Thunderbird 1.5.0.13 cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  Mozilla Thunderbird 1.5.0.14 cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  Mozilla Thunderbird 2.0.0.0 cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  Mozilla Thunderbird 2.0.0.4 cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  Mozilla Thunderbird 2.0.0.5 cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  Mozilla Thunderbird 2.0.0.6 cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  Mozilla Thunderbird 2.0.0.9 cpe:2.3:a:mozilla:thunderbird:2.0.0.9