Unrated severityNVD Advisory· Published Nov 13, 2008· Updated Jun 16, 2026
CVE-2008-0017
CVE-2008-0017
Description
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: >=2.0,<2.0.0.18
- (no CPE)range: <3.0.4, <2.0.0.18
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: >=1.0,<1.1.13
- (no CPE)range: <1.1.13
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
33- lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlnvdThird Party Advisory
- secunia.com/advisories/32684nvdThird Party Advisory
- secunia.com/advisories/32693nvdThird Party Advisory
- secunia.com/advisories/32694nvdThird Party Advisory
- secunia.com/advisories/32695nvdThird Party Advisory
- secunia.com/advisories/32713nvdThird Party Advisory
- secunia.com/advisories/32714nvdThird Party Advisory
- secunia.com/advisories/32721nvdThird Party Advisory
- secunia.com/advisories/32778nvdThird Party Advisory
- secunia.com/advisories/32845nvdThird Party Advisory
- secunia.com/advisories/32853nvdThird Party Advisory
- secunia.com/advisories/33433nvdThird Party Advisory
- secunia.com/advisories/34501nvdThird Party Advisory
- ubuntu.com/usn/usn-667-1nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1669nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1671nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1697nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2008/mfsa2008-54.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0977.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0978.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/32281nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA08-319A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2008/3146nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/0977nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005nvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlnvdThird Party Advisory
- sunsolve.sun.com/search/document.donvdBroken Link
- www.iss.net/threats/311.htmlnvdBroken Link
News mentions
0No linked articles in our index yet.