CVE-2008-0420Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure12 documents6 sources
Severity
9.3CRITICALNVD
NVD7.8NVD6.8
EPSS
2.8%
top 13.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedFeb 12
Latest updateMay 1

Description

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file th

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox2.0.0.11+34
NVDmozilla/seamonkey1.1.7+13
NVDmozilla/thunderbird2.0.0.11+25
NVDopera/opera_browser9.24+48

🔴Vulnerability Details

3
GHSA
GHSA-993f-87r7-p76m: Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitma2022-05-01
GHSA
GHSA-3m39-96f9-rqqr: Opera before 92022-05-01
GHSA
GHSA-6cgj-54pv-ggm2: modules/libpr0n/decoders/bmp/nsBMPDecoder2022-05-01

💥Exploits & PoCs

1
Exploit-DB
Joomla! Component RD-Autos 1.5.5 - SQL Injection2009-01-15

📋Vendor Advisories

4
Ubuntu
Thunderbird regression2008-03-06
Ubuntu
Thunderbird vulnerabilities2008-02-29
Ubuntu
Firefox vulnerabilities2008-02-08
Red Hat
Mozilla information disclosure flaw2008-02-07

💬Community

1
Bugzilla
CVE-2008-0420 Mozilla information disclosure flaw2008-02-06
CVE-2008-0420 — Sensitive Information Exposure | cvebase