CVE-2008-0420

Published

14 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

High

Impact Analysis

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10..

CVSSv2.0 Score

Severity: High
Base Score: 9.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:mozilla:firefox:0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:2.0.0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird::::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.14:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.7.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.6.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.13:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.12:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox::::::::	Yes	-	-
cpe:2.3:a:mozilla:seamonkey::::::::	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.3:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::	Yes	-	-
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*	Yes	-	-
cpe:2.3:a:mozilla:thunderbird:0.8:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*	Yes	-	-
cpe:2.3:a:mozilla:firefox:0.4:::::::*	Yes	-	-

References

Get started for free to scan for vulnerabilities

Companies of all sizes use Mageni Vulnerability Scanner. Is free for 7-days then $39 monthly regardless of how many IPs, scans, deployments or users you have. Cancel at Anytime and 7-days Money-Back Guarantee. Mageni contributes 1% of your subscription to removing CO₂ from the atmosphere.

Get Started For Free

CVE-2008-0420

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Get started for free to scan for vulnerabilities

Product

Customer Service

Company

Compliance

CVE-2008-0420

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References

Get started for free to scan for vulnerabilities