CVE-2008-0017 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2008-0017?

CVE-2008-0017 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-0017?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 2.0, < 2.0.0.18
Mozilla	Seamonkey	>= 1.0, < 1.1.13
Canonical	Ubuntu Linux	6.06
Debian	Debian Linux	4.0

Related Weaknesses (CWE)

CWE-119

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlThird Party Advisory
http://secunia.com/advisories/32684Third Party Advisory
http://secunia.com/advisories/32693Third Party Advisory
http://secunia.com/advisories/32694Third Party Advisory
http://secunia.com/advisories/32695Third Party Advisory
http://secunia.com/advisories/32713Third Party Advisory
http://secunia.com/advisories/32714Third Party Advisory
http://secunia.com/advisories/32721Third Party Advisory
http://secunia.com/advisories/32778Third Party Advisory
http://secunia.com/advisories/32845Third Party Advisory
http://secunia.com/advisories/32853Third Party Advisory
http://secunia.com/advisories/33433Third Party Advisory
http://secunia.com/advisories/34501Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1Broken Link
http://ubuntu.com/usn/usn-667-1Third Party Advisory

FAQ

What is CVE-2008-0017?

CVE-2008-0017 is a vulnerability with a CVSS score of 9.3 (HIGH). The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allo...

How severe is CVE-2008-0017?

CVE-2008-0017 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-0017?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux, Debian Debian Linux.