New Search

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4 Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header which triggers memory corruption and a buffer overflow.

oval:org.mitre.oval:def:11005

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4 Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header which triggers memory corruption and a buffer overflow.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • Red Hat Enterprise Linux 3
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • Oracle Linux 5
  • CentOS Linux 5
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2008-0017
Product(s):