FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0420

This CVE name corresponds to:

Entered Topic
2008-02-22 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-0420
Phase Assigned (20080123)

Description

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of uninitialized memory via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

References

Source Reference
BUGTRAQ 20080216 [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service
CONFIRM http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=408076
CONFIRM http://browser.netscape.com/releasenotes/
FEDORA FEDORA-2008-2060
FEDORA FEDORA-2008-2118
GENTOO GLSA-200805-18
MANDRIVA MDVSA-2008:048
SUNALERT 238492
UBUNTU USN-576-1
UBUNTU USN-582-1
UBUNTU USN-582-2
BID 27826
OVAL oval:org.mitre.oval:def:10119
VUPEN ADV-2008-0627
VUPEN ADV-2008-1793
SECTRACK 1019434
SECUNIA 28839
SECUNIA 29049
SECUNIA 28758
SECUNIA 29167
SECUNIA 29098
SECUNIA 30327
SECUNIA 30620
XF firefox-bmp-information-disclosure(40491)
XF firefox-bmp-dos(40606)