Mozilla Firefox "200 header" Code Execution Vulnerability
Data de publicação: 21 julho 2015
Schweregrad: : Crítico
Identificador(es) CVE: : CVE-2008-0017
Data do informe: 21 julho 2015
Descrição
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1003051
Software infectado e versão:
- mozilla firefox 2.0
- mozilla firefox 2.0.0.1
- mozilla firefox 2.0.0.10
- mozilla firefox 2.0.0.11
- mozilla firefox 2.0.0.12
- mozilla firefox 2.0.0.13
- mozilla firefox 2.0.0.14
- mozilla firefox 2.0.0.15
- mozilla firefox 2.0.0.16
- mozilla firefox 2.0.0.17
- mozilla firefox 2.0.0.2
- mozilla firefox 2.0.0.3
- mozilla firefox 2.0.0.4
- mozilla firefox 2.0.0.5
- mozilla firefox 2.0.0.6
- mozilla firefox 2.0.0.7
- mozilla firefox 2.0.0.8
- mozilla firefox 2.0.0.9
- mozilla firefox 3.0
- mozilla firefox 3.0.1
- mozilla firefox 3.0.2
- mozilla firefox 3.0.3
- mozilla seamonkey 1.0
- mozilla seamonkey 1.0.1
- mozilla seamonkey 1.0.2
- mozilla seamonkey 1.0.3
- mozilla seamonkey 1.0.4
- mozilla seamonkey 1.0.5
- mozilla seamonkey 1.0.6
- mozilla seamonkey 1.0.7
- mozilla seamonkey 1.0.8
- mozilla seamonkey 1.0.9
- mozilla seamonkey 1.1
- mozilla seamonkey 1.1.1
- mozilla seamonkey 1.1.10
- mozilla seamonkey 1.1.11
- mozilla seamonkey 1.1.12
- mozilla seamonkey 1.1.2
- mozilla seamonkey 1.1.3
- mozilla seamonkey 1.1.4
- mozilla seamonkey 1.1.5
- mozilla seamonkey 1.1.6
- mozilla seamonkey 1.1.7
- mozilla seamonkey 1.1.8
- mozilla seamonkey 1.1.9