CVE-2008-0017

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

• CWE-119

• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlThird Party Advisory
• http://secunia.com/advisories/32684Third Party Advisory
• http://secunia.com/advisories/32693Third Party Advisory
• http://secunia.com/advisories/32694Third Party Advisory
• http://secunia.com/advisories/32695Third Party Advisory
• http://secunia.com/advisories/32713Third Party Advisory
• http://secunia.com/advisories/32714Third Party Advisory
• http://secunia.com/advisories/32721Third Party Advisory
• http://secunia.com/advisories/32778Third Party Advisory
• http://secunia.com/advisories/32845Third Party Advisory
• http://secunia.com/advisories/32853Third Party Advisory
• http://secunia.com/advisories/33433Third Party Advisory
• http://secunia.com/advisories/34501Third Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1Broken Link
• http://ubuntu.com/usn/usn-667-1Third Party Advisory
• http://www.debian.org/security/2008/dsa-1669Third Party Advisory
• http://www.debian.org/security/2008/dsa-1671Third Party Advisory
• http://www.debian.org/security/2009/dsa-1697Third Party Advisory
• http://www.iss.net/threats/311.htmlBroken Link
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:228Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:230Third Party Advisory
• http://www.mozilla.org/security/announce/2008/mfsa2008-54.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0977.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0978.htmlThird Party Advisory
• http://www.securityfocus.com/bid/32281Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1021185Third Party Advisory, VDB Entry
• http://www.us-cert.gov/cas/techalerts/TA08-319A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2008/3146Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0977Third Party Advisory
• https://bugzilla.mozilla.org/show_bug.cgi?id=443299Issue Tracking, Vendor Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005Third Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlThird Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlThird Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlThird Party Advisory
• http://secunia.com/advisories/32684Third Party Advisory
• http://secunia.com/advisories/32693Third Party Advisory
• http://secunia.com/advisories/32694Third Party Advisory
• http://secunia.com/advisories/32695Third Party Advisory
• http://secunia.com/advisories/32713Third Party Advisory
• http://secunia.com/advisories/32714Third Party Advisory
• http://secunia.com/advisories/32721Third Party Advisory
• http://secunia.com/advisories/32778Third Party Advisory
• http://secunia.com/advisories/32845Third Party Advisory
• http://secunia.com/advisories/32853Third Party Advisory
• http://secunia.com/advisories/33433Third Party Advisory
• http://secunia.com/advisories/34501Third Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1Broken Link
• http://ubuntu.com/usn/usn-667-1Third Party Advisory
• http://www.debian.org/security/2008/dsa-1669Third Party Advisory
• http://www.debian.org/security/2008/dsa-1671Third Party Advisory
• http://www.debian.org/security/2009/dsa-1697Third Party Advisory
• http://www.iss.net/threats/311.htmlBroken Link
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:228Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:230Third Party Advisory
• http://www.mozilla.org/security/announce/2008/mfsa2008-54.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0977.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0978.htmlThird Party Advisory
• http://www.securityfocus.com/bid/32281Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1021185Third Party Advisory, VDB Entry
• http://www.us-cert.gov/cas/techalerts/TA08-319A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2008/3146Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0977Third Party Advisory
• https://bugzilla.mozilla.org/show_bug.cgi?id=443299Issue Tracking, Vendor Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005Third Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlThird Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlThird Party Advisory

Published

Nov 13, 2008

Last Modified

Jun 16, 2026

Status

Modified