CVE-2008-0017 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-0017 Interim 1 11 2025-11-05T06:16:50Z current 2021-05-30T12:41:25Z 2025-11-05T06:16:50Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-0017 The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN/#7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN E-Mail link for SUSE-SA:2008:055 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 6 MozillaFirefox MozillaFirefox as a component of SUSE Enterprise Storage 6 The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-0017 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C