Launchpad.net

CVE 2008-0017

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

Related bugs and status

CVE-2008-0017 (Candidate) is related to these bugs:

Bug #297789: Seamonkey should be updated to 1.1.13

		In	Importance	Status
297789	Seamonkey should be updated to 1.1.13	seamonkey (Ubuntu)	Undecided	Fix Released
297789	Seamonkey should be updated to 1.1.13	seamonkey (Ubuntu Hardy)	Critical	Fix Released
297789	Seamonkey should be updated to 1.1.13	seamonkey (Ubuntu Intrepid)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.mozil...
CONFIRM: http://www.mozilla.org...
ISS: 20081113 Mozilla Unche...
MANDRIVA: MDVSA-2008:228
BID: 32281
FEDORA: FEDORA-2008-9669
SECUNIA: 32721
SUSE: SUSE-SA:2008:055
CERT: TA08-319A
DEBIAN: DSA-1669
SECUNIA: 32845
REDHAT: RHSA-2008:0977
REDHAT: RHSA-2008:0978
SECUNIA: 32693
SECUNIA: 32694
SECUNIA: 32695
SECUNIA: 32714
DEBIAN: DSA-1671
DEBIAN: DSA-1697
SECUNIA: 33433
SUNALERT: 256408
SECUNIA: 34501
VUPEN: ADV-2009-0977
SECTRACK: 1021185
VUPEN: ADV-2008-3146
FEDORA: FEDORA-2008-9667
MANDRIVA: MDVSA-2008:230
UBUNTU: USN-667-1
SECUNIA: 32684
SECUNIA: 32713
SECUNIA: 32778
SECUNIA: 32853
OVAL: oval:org.mitre.oval:de...