
CVE-2008-0017
Date: (C)2008-11-13   (M)2024-02-09


The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021185
http://www.iss.net/threats/311.html
SUNALERT-256408
BID-32281
SECUNIA-32684
SECUNIA-32693
SECUNIA-32694
SECUNIA-32695
SECUNIA-32713
SECUNIA-32714
SECUNIA-32721
SECUNIA-32778
SECUNIA-32845
SECUNIA-32853
SECUNIA-33433
SECUNIA-34501
ADV-2008-3146
ADV-2009-0977
DSA-1669
DSA-1671
DSA-1697
FEDORA-2008-9667
FEDORA-2008-9669
MDVSA-2008:228
MDVSA-2008:230
RHSA-2008:0977
RHSA-2008:0978
SUSE-SA:2008:055
TA08-319A
USN-667-1
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
https://bugzilla.mozilla.org/show_bug.cgi?id=443299
oval:org.mitre.oval:def:11005

CPE    8
cpe:/o:debian:debian_linux:4.0
cpe:/o:debian:debian_linux:5.0
cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
cpe:/a:mozilla:seamonkey
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:600503
oval:org.secpod.oval:def:301255
oval:org.mitre.oval:def:8140
oval:org.secpod.oval:def:301405
...

© SecPod Technologies