Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2008-0420

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 12 Ρ„Π΅Π². 2008
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: low
EPSS Низкий
CVSS2: 9.3

ОписаниС

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

released

1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1
devel

DNE

edgy

released

2.0.0.12+0nobinonly+2-0ubuntu0.6.10
feisty

released

2.0.0.12+1nobinonly+2-0ubuntu0.7.4
gutsy

released

2.0.0.12+2nobinonly+2-0ubuntu0.7.10
hardy

released

2.0.0.12+2nobinonly+2-0ubuntu3
intrepid

DNE

upstream

released

2.0.0.12

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

DNE

devel

DNE

edgy

DNE

feisty

DNE

gutsy

ignored

end of life, was needs-triage
hardy

DNE

intrepid

DNE

upstream

needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

DNE

devel

DNE

edgy

DNE

feisty

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

upstream

needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

DNE

devel

DNE

edgy

DNE

feisty

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

upstream

needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

released

1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0
devel

DNE

edgy

released

1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0
feisty

released

1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0
gutsy

DNE

hardy

DNE

intrepid

DNE

upstream

released

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

DNE

devel

released

1.1.9+nobinonly-0ubuntu1
edgy

DNE

feisty

DNE

gutsy

DNE

hardy

released

1.1.9+nobinonly-0ubuntu1
intrepid

released

1.1.9+nobinonly-0ubuntu1
upstream

needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

DNE

devel

released

2.0.0.12+nobinonly-0ubuntu1
edgy

DNE

feisty

DNE

gutsy

released

2.0.0.12+nobinonly-0ubuntu0.7.10.0
hardy

released

2.0.0.12+nobinonly-0ubuntu1
intrepid

released

2.0.0.12+nobinonly-0ubuntu1
upstream

released

2.0.0.12

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
dapper

DNE

devel

released

1.8.1.13+nobinonly-0ubuntu1
edgy

ignored

end of life, was needs-triage
feisty

ignored

end of life, was needs-triage
gutsy

released

1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
hardy

released

1.8.1.13+nobinonly-0ubuntu1
intrepid

released

1.8.1.13+nobinonly-0ubuntu1
upstream

released

1.8.1.13

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 84%
0.02102
Низкий

9.3 Critical

CVSS2

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2008-0420

redhat
ΠΏΠΎΡ‡Ρ‚ΠΈ 18 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2008-0420

nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 18 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2008-0420

debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 18 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox befor ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-6cgj-54pv-ggm2

github
ΠΏΠΎΡ‡Ρ‚ΠΈ 4 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

oracle-oval Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

ELSA-2008-0103

oracle-oval
ΠΏΠΎΡ‡Ρ‚ΠΈ 18 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ELSA-2008-0103: Critical: firefox security update (CRITICAL)

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 84%
0.02102
Низкий

9.3 Critical

CVSS2

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2008-0420