CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.0%
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x
before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13
does not check for an allocation failure, which allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code via
an HTTP index response with a crafted 200 header, which triggers memory
corruption and a buffer overflow.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | firefox | < 2.0.0.18+nobinonly-0ubuntu0.7.10 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox | < 2.0.0.18+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | firefox | < 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | < 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox-3.0 | < 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | firefox-3.0 | < 3.0.4+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | firefox-3.0 | < 3.0.4+nobinonly-0ubuntu2 | UNKNOWN |
ubuntu | 8.04 | noarch | seamonkey | < 1.1.12+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |