Home > Vulnerability Database > CVE-2008-0017

Mend.io Vulnerability Database

CVE-2008-0017

Date: November 13, 2008

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

Severity Score

8.1

Related Resources (37)

Url: http://secunia.com/advisories/32695

Url: http://secunia.com/advisories/32694

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32693

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Url: http://secunia.com/advisories/32714

Url: http://secunia.com/advisories/32713

Url: http://www.redhat.com/support/errata/RHSA-2008-0978.html

Url: http://secunia.com/advisories/32778

Url: http://secunia.com/advisories/32853

Url: https://access.redhat.com/security/cve/CVE-2008-0017

Url: http://www.securityfocus.com/bid/32281

Url: http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

Url: http://ubuntu.com/usn/usn-667-1

Url: http://www.vupen.com/english/advisories/2009/0977

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005

Url: http://www.redhat.com/support/errata/RHSA-2008-0977.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-0017

Url: http://www.debian.org/security/2008/dsa-1669

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=443299

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32684

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-54.html

Url: http://secunia.com/advisories/34501

Url: http://www.securitytracker.com/id?1021185

Url: http://www.debian.org/security/2008/dsa-1671

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

Url: http://secunia.com/advisories/32845

Url: http://secunia.com/advisories/32721

Url: http://www.iss.net/threats/311.html

Url: http://www.vupen.com/english/advisories/2008/3146

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-0017

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

Url: https://www.mend.io/vulnerability-database/CVE-2008-0017

Severity Score

8.1

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-0017

Date: November 13, 2008

Severity Score

Related Resources (37)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?