First published: Thu Nov 13 2008(Updated: )
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | >=2.0<2.0.0.18 | |
Mozilla Firefox | >=3.0<3.0.4 | |
Mozilla SeaMonkey | >=1.0<1.1.13 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =7.10 | |
Canonical Ubuntu Linux | =8.04 | |
Canonical Ubuntu Linux | =8.10 | |
Debian Debian Linux | =5.0 | |
Debian Debian Linux | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.