Lucene search

K

PRIOn knowledge basePRION:CVE-2008-0420

HistoryFeb 12, 2008 - 3:00 a.m.

Out-of-bounds

2008-02-1203:00:00

PRIOn knowledge base

www.prio-n.com

4

6.5 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.07 Low

EPSS

Percentile

93.8%

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

CPENameOperatorVersion
firefoxeq0.1
firefoxeq0.8
firefoxeq1.5.0.6
firefoxeq2.0.0.2
firefoxeq1.5.0.10
firefoxeq1.5
firefoxeq0.9.1
firefoxeq2.0.0.7
firefoxeq2.0.0.9
firefoxeq0.9

Rows per page:

1-10 of 801

References

browser.netscape.com/releasenotes/

secunia.com/advisories/28758

secunia.com/advisories/28839

secunia.com/advisories/29049

secunia.com/advisories/29098

secunia.com/advisories/29167

secunia.com/advisories/30327

secunia.com/advisories/30620

securitytracker.com/id?1019434

sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

www.gentoo.org/security/en/glsa/glsa-200805-18.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:048

www.mozilla.org/security/announce/2008/mfsa2008-07.html

www.securityfocus.com/archive/1/488264/100/0/threaded

www.securityfocus.com/bid/27826

www.ubuntu.com/usn/usn-582-1

www.ubuntu.com/usn/usn-582-2

www.vupen.com/english/advisories/2008/0627/references

www.vupen.com/english/advisories/2008/1793/references

bugzilla.mozilla.org/show_bug.cgi?id=408076

exchange.xforce.ibmcloud.com/vulnerabilities/40491

exchange.xforce.ibmcloud.com/vulnerabilities/40606

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119

usn.ubuntu.com/576-1/

www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

6.5 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.07 Low

EPSS

Percentile

93.8%

Related for PRION:CVE-2008-0420

securityvulns2 ubuntucve2 cve3 mozilla1 prion2 seebug1 openvas22 ubuntu3 nessus20 fedora2 centos4 oraclelinux3 redhat3 freebsd1 osv2 gentoo1