CVE-2008-0420 Information
Description
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of uninitialized memory via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.
Reference
http://browser.netscape.com/releasenotes/
http://secunia.com/advisories/28758
http://secunia.com/advisories/28839
http://secunia.com/advisories/29049
http://secunia.com/advisories/29098
http://secunia.com/advisories/29167
http://secunia.com/advisories/30327
http://secunia.com/advisories/30620
http://securitytracker.com/id?1019434
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
http://www.securityfocus.com/archive/1/488264/100/0/threaded
http://www.securityfocus.com/bid/27826
http://www.ubuntu.com/usn/usn-582-1
http://www.ubuntu.com/usn/usn-582-2
http://www.vupen.com/english/advisories/2008/0627/references
http://www.vupen.com/english/advisories/2008/1793/references
https://bugzilla.mozilla.org/show_bug.cgi?id=408076
https://exchange.xforce.ibmcloud.com/vulnerabilities/40491
https://exchange.xforce.ibmcloud.com/vulnerabilities/40606
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10119
https://usn.ubuntu.com/576-1/
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html