CVE-2008-0420


Impact: Moderate
Public Date: 2008-02-07
Bugzilla: 431750: CVE-2008-0420 Mozilla information disclosure flaw

The MITRE CVE dictionary describes this issue as:

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

Find out more about CVE-2008-0420 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) | RHSA-2008:0105 | 2008-02-08 |
| Red Hat Enterprise Linux 5 (thunderbird) | RHSA-2008:0105 | 2008-02-08 |
| Red Hat Enterprise Linux 3 (seamonkey) | RHSA-2008:0104 | 2008-02-08 |
| Red Hat Enterprise Linux 5 (firefox) | RHSA-2008:0103 | 2008-02-08 |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2008:0103 | 2008-02-08 |
| Red Hat Enterprise Linux 2.1 (seamonkey) | RHSA-2008:0104 | 2008-02-08 |
| Red Hat Enterprise Linux 4 (thunderbird) | RHSA-2008:0105 | 2008-02-08 |
| Red Hat Enterprise Linux 4 (seamonkey) | RHSA-2008:0104 | 2008-02-08 |

CVE description copyright © 2017, The MITRE Corporation