CVE-2008-0017

HIGH

Description

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32714

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/32845

http://secunia.com/advisories/32853

http://secunia.com/advisories/33433

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2008/dsa-1671

http://www.debian.org/security/2009/dsa-1697

http://www.iss.net/threats/311.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mozilla.org/security/announce/2008/mfsa2008-54.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021185

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=443299

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Details

Source: MITRE

Published: 2008-11-13

Updated: 2018-10-26

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
67766	Oracle Linux 5 : firefox (ELSA-2008-0978)	Nessus	Oracle Linux Local Security Checks	critical
67765	Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0977)	Nessus	Oracle Linux Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60495	Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
60494	Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
43715	CentOS 4 / 5 : firefox (CESA-2008:0978)	Nessus	CentOS Local Security Checks	critical
41511	SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813)	Nessus	SuSE Local Security Checks	critical
41465	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5826)	Nessus	SuSE Local Security Checks	critical
40131	openSUSE Security Update : seamonkey (seamonkey-326)	Nessus	SuSE Local Security Checks	critical
40072	openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-329)	Nessus	SuSE Local Security Checks	critical
39884	openSUSE Security Update : MozillaFirefox (MozillaFirefox-334)	Nessus	SuSE Local Security Checks	critical
37572	Mandriva Linux Security Advisory : firefox (MDVSA-2008:230)	Nessus	Mandriva Local Security Checks	critical
37285	Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:228)	Nessus	Mandriva Local Security Checks	critical
36711	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1)	Nessus	Ubuntu Local Security Checks	critical
36485	CentOS 3 / 4 : seamonkey (CESA-2008:0977)	Nessus	CentOS Local Security Checks	critical
35314	Debian DSA-1697-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34967	SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)	Nessus	SuSE Local Security Checks	critical
34961	openSUSE 10 Security Update : seamonkey (seamonkey-5815)	Nessus	SuSE Local Security Checks	critical
34960	openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5820)	Nessus	SuSE Local Security Checks	critical
34957	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5812)	Nessus	SuSE Local Security Checks	critical
34950	Debian DSA-1671-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34941	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5786)	Nessus	SuSE Local Security Checks	critical
34938	Debian DSA-1669-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	critical
4762	Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
34778	Fedora 9 : Miro-1.2.7-2.fc9 / cairo-dock-1.6.3.1-1.fc9.1 / chmsee-1.0.1-6.fc9 / devhelp-0.19.1-6.fc9 / etc (2008-9669)	Nessus	Fedora Local Security Checks	critical
34777	Fedora 8 : Miro-1.2.7-2.fc8 / blam-1.8.3-19.fc8 / cairo-dock-1.6.3.1-1.fc8.1 / chmsee-1.0.0-5.31.fc8 / etc (2008-9667)	Nessus	Fedora Local Security Checks	critical
34771	FreeBSD : mozilla -- multiple vulnerabilities (f29fea8f-b19f-11dd-a55e-00163e000016)	Nessus	FreeBSD Local Security Checks	critical
34768	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Nessus	Windows	high
34767	Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities	Nessus	Windows	high
34766	Firefox < 2.0.0.18 Multiple Vulnerabilities	Nessus	Windows	high
34764	RHEL 4 / 5 : firefox (RHSA-2008:0978)	Nessus	Red Hat Local Security Checks	critical
34763	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0977)	Nessus	Red Hat Local Security Checks	critical
4753	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
4752	Mozilla Firefox 3.x < 3.0.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
4751	Mozilla Firefox < 2.0.0.18 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801316	Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800876	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800751	Firefox 3.x < 3.0.4 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800741	Firefox < 2.0.0.18 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high