[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-0017

Date: (C)2008-11-13   (M)2017-11-18 


The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1021185
http://www.iss.net/threats/311.html
SUNALERT-256408
BID-32281
SECUNIA-32684
SECUNIA-32693
SECUNIA-32694
SECUNIA-32695
SECUNIA-32713
SECUNIA-32714
SECUNIA-32721
SECUNIA-32778
SECUNIA-32845
SECUNIA-32853
SECUNIA-33433
SECUNIA-34501
ADV-2008-3146
ADV-2009-0977
DSA-1669
DSA-1671
DSA-1697
FEDORA-2008-9667
FEDORA-2008-9669
MDVSA-2008:228
MDVSA-2008:230
RHSA-2008:0977
RHSA-2008:0978
SUSE-SA:2008:055
TA08-319A
USN-667-1
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
https://bugzilla.mozilla.org/show_bug.cgi?id=443299

CPE    49
cpe:/a:mozilla:seamonkey:1.0:alpha
cpe:/a:mozilla:seamonkey:1.1
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:301405
oval:org.secpod.oval:def:301255
oval:org.mitre.oval:def:7950
oval:org.mitre.oval:def:8140
...

© 2013 SecPod Technologies