Home > Vulnerability Database > CVE-2008-0420

Mend.io Vulnerability Database

CVE-2008-0420

Date: February 11, 2008

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

Severity Score

8.1

Related Resources (30)

Url: http://secunia.com/advisories/29167

Url: http://www.vupen.com/english/advisories/2008/0627/references

Url: http://browser.netscape.com/releasenotes/

Url: http://www.securityfocus.com/bid/27826

Url: http://www.ubuntu.com/usn/usn-582-2

Url: http://www.ubuntu.com/usn/usn-582-1

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=408076

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-0420

Url: http://secunia.com/advisories/29098

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-0420

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html

Url: http://www.vupen.com/english/advisories/2008/1793/references

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-07.html

Url: https://usn.ubuntu.com/576-1/

Url: https://access.redhat.com/security/cve/CVE-2008-0420

Url: http://secunia.com/advisories/30327

Url: http://www.securityfocus.com/archive/1/488264/100/0/threaded

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/40606

Url: http://securitytracker.com/id?1019434

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:048

Url: http://secunia.com/advisories/30620

Url: http://secunia.com/advisories/28839

Url: http://secunia.com/advisories/28758

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html

Url: http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/40491

Url: http://secunia.com/advisories/29049

Url: https://www.mend.io/vulnerability-database/CVE-2008-0420

Severity Score

8.1

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-0420

Date: February 11, 2008

Severity Score

Related Resources (30)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?