CVE-2008-0017: Buffer Overflow
First published: Thu Nov 13 2008(Updated: )
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | >=2.0<2.0.0.18 | |
| Mozilla Firefox | >=3.0<3.0.4 | |
| Mozilla SeaMonkey | >=1.0<1.1.13 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =7.10 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =8.10 | |
| Debian GNU/Linux | =4.0 | |
| Debian GNU/Linux | =5.0 | |
| Mozilla Firefox and Thunderbird | >=2.0<2.0.0.18 | |
| Mozilla Firefox and Thunderbird | >=3.0<3.0.4 | |
| Debian | =5.0 | |
| Debian | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=443299
- http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
- http://www.iss.net/threats/311.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
- http://www.securityfocus.com/bid/32281
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
- http://secunia.com/advisories/32721
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
- http://www.us-cert.gov/cas/techalerts/TA08-319A.html
- http://secunia.com/advisories/32845
- http://www.debian.org/security/2008/dsa-1669
- http://secunia.com/advisories/32693
- http://www.redhat.com/support/errata/RHSA-2008-0978.html
- http://secunia.com/advisories/32694
- http://secunia.com/advisories/32714
- http://secunia.com/advisories/32695
- http://www.redhat.com/support/errata/RHSA-2008-0977.html
- http://www.debian.org/security/2008/dsa-1671
- http://www.debian.org/security/2009/dsa-1697
- http://secunia.com/advisories/33433
- http://secunia.com/advisories/34501
- http://www.vupen.com/english/advisories/2009/0977
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.securitytracker.com/id?1021185
- http://www.vupen.com/english/advisories/2008/3146
- http://secunia.com/advisories/32684
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
- http://secunia.com/advisories/32713
- http://ubuntu.com/usn/usn-667-1
- http://secunia.com/advisories/32853
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
- http://secunia.com/advisories/32778
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005
Frequently Asked Questions
What is the severity of CVE-2008-0017?
CVE-2008-0017 is classified as a high severity vulnerability due to its potential to cause a denial of service and possible arbitrary code execution.
How do I fix CVE-2008-0017?
To fix CVE-2008-0017, update your Firefox or SeaMonkey browser to the latest version available that addresses this vulnerability.
What versions are affected by CVE-2008-0017?
CVE-2008-0017 affects Firefox versions before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey before 1.1.13.
Can CVE-2008-0017 be exploited remotely?
Yes, CVE-2008-0017 can be exploited remotely by attackers to crash affected browsers or potentially execute arbitrary code.
Is there a specific platform that CVE-2008-0017 affects?
CVE-2008-0017 affects various operating systems, including multiple versions of Ubuntu Linux and Debian Linux, alongside specific versions of Firefox and SeaMonkey.
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/2.0
- version/mozilla firefox/3.0
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/7.10
- version/ubuntu linux/8.04
- version/ubuntu linux/8.10
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/4.0
- version/debian gnu/linux/5.0
- canonical/mozilla firefox and thunderbird
- version/mozilla firefox and thunderbird/2.0
- version/mozilla firefox and thunderbird/3.0
- canonical/debian
- version/debian/5.0
- version/debian/4.0