[Forgot Password]
Login  Register Subscribe

24002

 
 

127027

 
 

102010

 
 

909

 
 

81374

 
 

133

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-0017Date: (C)2008-11-13   (M)2018-02-19


The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : CVSS Score  : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score : Impact Score : 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  





Reference:
SECTRACK-1021185
http://www.iss.net/threats/311.html
SUNALERT-256408
BID-32281
SECUNIA-32684
SECUNIA-32693
SECUNIA-32694
SECUNIA-32695
SECUNIA-32713
SECUNIA-32714
SECUNIA-32721
SECUNIA-32778
SECUNIA-32845
SECUNIA-32853
SECUNIA-33433
SECUNIA-34501
ADV-2008-3146
ADV-2009-0977
DSA-1669
DSA-1671
DSA-1697
FEDORA-2008-9667
FEDORA-2008-9669
MDVSA-2008:228
MDVSA-2008:230
RHSA-2008:0977
RHSA-2008:0978
SUSE-SA:2008:055
TA08-319A
USN-667-1
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
https://bugzilla.mozilla.org/show_bug.cgi?id=443299

CPE    49
cpe:/a:mozilla:seamonkey:1.0:alpha
cpe:/a:mozilla:seamonkey:1.1
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:301405
oval:org.secpod.oval:def:301255
oval:org.secpod.oval:def:600503
oval:org.mitre.oval:def:8140
...

© 2013 SecPod Technologies