CVE-2008-0420

NONECVSS 0.0

0.0

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

🔗 References (52)

secalert@redhathttp://browser.netscape.com/releasenotes/
secalert@redhathttp://secunia.com/advisories/28758
secalert@redhathttp://secunia.com/advisories/28839
secalert@redhathttp://secunia.com/advisories/29049
secalert@redhathttp://secunia.com/advisories/29098
secalert@redhathttp://secunia.com/advisories/29167
secalert@redhathttp://secunia.com/advisories/30327
secalert@redhathttp://secunia.com/advisories/30620
secalert@redhathttp://securitytracker.com/id?1019434
secalert@redhathttp://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
secalert@redhathttp://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2008:048
secalert@redhathttp://www.mozilla.org/security/announce/2008/mfsa2008-07.html
secalert@redhathttp://www.securityfocus.com/archive/1/488264/100/0/threaded
secalert@redhathttp://www.securityfocus.com/bid/27826

Is Your Infrastructure Affected by CVE-2008-0420?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-0420

📅 Published

🔄 Last Modified

🔗 References (52)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-0420?