Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2008-0017

Опубликовано: 13 нояб. 2008
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 9.3

Описание

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

РелизСтатусПримечание
dapper

released

1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1
devel

released

3.0.4+nobinonly-0ubuntu0.8.04.1
gutsy

released

2.0.0.18+nobinonly-0ubuntu0.7.10
hardy

released

2.0.0.18+nobinonly-0ubuntu0.8.04.1
intrepid

DNE

jaunty

DNE

karmic

DNE

lucid

released

3.0.4+nobinonly-0ubuntu0.8.04.1
maverick

released

3.0.4+nobinonly-0ubuntu0.8.04.1
natty

released

3.0.4+nobinonly-0ubuntu0.8.04.1

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

ignored

end of life, was needed
hardy

released

3.0.4+nobinonly-0ubuntu0.8.04.1
intrepid

released

3.0.4+nobinonly-0ubuntu0.8.10.1
jaunty

released

3.0.4+nobinonly-0ubuntu2
karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

ignored

end of life, was needed
hardy

DNE

intrepid

DNE

jaunty

DNE

karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

jaunty

DNE

karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.1.13+nobinonly-0ubuntu1
gutsy

DNE

hardy

released

1.1.12+nobinonly-0ubuntu0.8.04.1
intrepid

released

1.1.12+nobinonly-0ubuntu1
jaunty

released

1.1.13+nobinonly-0ubuntu1
karmic

released

1.1.13+nobinonly-0ubuntu1
lucid

released

1.1.13+nobinonly-0ubuntu1
maverick

released

1.1.13+nobinonly-0ubuntu1
natty

released

1.1.13+nobinonly-0ubuntu1

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

released

1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
hardy

released

1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1
intrepid

released

1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1
jaunty

ignored

end of life
karmic

ignored

end of life
lucid

DNE

maverick

DNE

natty

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

ignored

end of life, was needed
hardy

released

1.9.0.4+nobinonly-0ubuntu0.8.04.1
intrepid

released

1.9.0.4+nobinonly-0ubuntu0.8.10.1
jaunty

released

1.9.0.4+nobinonly-0ubuntu1
karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%
0.0709
Низкий

9.3 Critical

CVSS2

Связанные уязвимости

redhat логотип

CVE-2008-0017

redhat
больше 16 лет назад

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

nvd логотип

CVE-2008-0017

nvd
больше 16 лет назад

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

debian логотип

CVE-2008-0017

debian
больше 16 лет назад

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3 ...

github логотип

GHSA-4386-5g32-qp3p

github
около 3 лет назад

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

oracle-oval логотип

ELSA-2008-0978

oracle-oval
больше 16 лет назад

ELSA-2008-0978: firefox security update (CRITICAL)

EPSS

Процентиль: 91%
0.0709
Низкий

9.3 Critical

CVSS2

Уязвимость CVE-2008-0017