Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0016Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow9 documents7 sources
Severity
10.0CRITICALNVD
EPSS
47.8%
top 2.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedSep 24
Latest updateMay 1

Description

Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox2.0.0.16+47
NVDmozilla/seamonkey1.1.11+14

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-7683-prf8-wx5w: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 22022-05-01
CVEList
CVE-2008-0016: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 22008-09-24

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow2009-09-14

📋Vendor Advisories

4
Ubuntu
Firefox and xulrunner regression2008-09-25
Ubuntu
Firefox vulnerabilities2008-09-24
Ubuntu
Firefox and xulrunner vulnerabilities2008-09-24
Red Hat
Mozilla UTF-8 stack buffer overflow2008-09-23

💬Community

1
Bugzilla
CVE-2008-0016 Mozilla UTF-8 stack buffer overflow2008-09-22
CVE-2008-0016 — Mozilla Firefox vulnerability | cvebase