Title: UTF-8 URL stack buffer overflow
Impact: Critical
Announced: September 23, 2008
Reporter: Justin Schuh, Tom Cross, Peter William
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 2.0.0.17
Thunderbird 2.0.0.17
SeaMonkey 1.1.12
Description

Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs reported errors in Mozilla URL parsing routines. These errors could be exploited using a specially crafted UTF-8 URL in a hyperlink which could overflow a stack buffer and allow an attacker to execute arbitrary code.

Firefox 3 is not affected by this issue
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=443288
* https://bugzilla.mozilla.org/show_bug.cgi?id=451617
* CVE-2008-0016

cve 1

veracode 1

checkpoint_advisories 2

saint 4

packetstorm 1

canvas 1

seebug 3

prion 1

mozilla 1

exploitpack 1

ubuntucve 1

exploitdb 1

openvas 61

nessus 38

fedora 4

oraclelinux 2

redhat 2

centos 3

debian 4

securityvulns 1

freebsd 1

osv 4

ubuntu 3

suse 2

gentoo 1

cve

CVE-2008-0016

2008-09-24 20:37:00

veracode

Arbitrary Code Execution

2020-04-10 00:25:28

checkpoint_advisories

Firefox HTML URL Unicode Stack Buffer Overflow - Ver2 (CVE-2008-0016)

2014-03-03 00:00:00

Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow - Improved Performance (CVE-2008-0016)

2009-12-13 00:00:00

saint

Mozilla Firefox UTF-8 URL buffer overflow

2008-12-31 00:00:00

Mozilla Firefox UTF-8 URL buffer overflow

2008-12-31 00:00:00

Mozilla Firefox UTF-8 URL buffer overflow

2008-12-31 00:00:00

packetstorm

Mozilla Firefox 2.0.0.16 Buffer Overflow

2009-09-15 00:00:00

canvas

Immunity Canvas: FIREFOX_UTF8

2008-09-24 20:37:00

seebug

Mozilla Firefox/SeaMonkey UTF-8基于栈的缓冲区溢出漏洞

2008-09-27 00:00:00

Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit

2009-09-16 00:00:00

Mozilla Firefox/SeaMonkey/Thunderbird多个远程漏洞

2008-09-25 00:00:00

prion

Stack overflow

2008-09-24 20:37:00

mozilla

UTF-8 URL stack buffer overflow — Mozilla

2008-09-23 00:00:00

exploitpack

Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow

2009-09-14 00:00:00

ubuntucve

CVE-2008-0016

2008-09-24 00:00:00

exploitdb

Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow

2009-09-14 00:00:00

openvas

Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird)

2009-04-09 00:00:00

Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird)

2009-04-09 00:00:00

RedHat Update for thunderbird RHSA-2008:0908-01

2009-03-06 00:00:00

nessus

Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64

2012-08-01 00:00:00

Oracle Linux 4 : thunderbird (ELSA-2008-0908)

2013-07-12 00:00:00

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:206)

2009-04-23 00:00:00

fedora

[SECURITY] Fedora 9 Update: seamonkey-1.1.12-1.fc9

2008-09-28 18:44:23

[SECURITY] Fedora 8 Update: seamonkey-1.1.12-1.fc8

2008-09-28 18:41:42

[SECURITY] Fedora 8 Update: thunderbird-2.0.0.18-1.fc8

2008-11-21 10:57:04

oraclelinux

thunderbird security update

2008-10-01 00:00:00

seamonkey security update

2008-09-24 00:00:00

redhat

(RHSA-2008:0908) Moderate: thunderbird security update

2008-10-01 00:00:00

(RHSA-2008:0882) Critical: seamonkey security update

2008-09-23 00:00:00

centos

thunderbird security update

2008-10-03 18:55:22

seamonkey security update

2008-09-24 23:08:13

seamonkey security update

2008-09-24 14:22:25

debian

[SECURITY] [DSA 1649-1] New iceweasel packages fix several vulnerabilities

2008-10-08 20:15:55

[SECURITY] [DSA 1669-1] New xulrunner packages fix several vulnerabilities

2008-11-23 20:29:40

[SECURITY] [DSA 1696-1] New icedove packages fix several vulnerabilities

2009-01-07 21:32:09

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2008-09-30 00:00:00

freebsd

mozilla -- multiple vulnerabilities

2008-09-24 00:00:00

osv

iceweasel - several vulnerabilities

2008-10-08 00:00:00

xulrunner - several vulnerabilities

2008-11-23 00:00:00

icedove - several vulnerabilities

2009-01-07 00:00:00

ubuntu

Firefox and xulrunner vulnerabilities

2008-09-24 00:00:00

Firefox and xulrunner regression

2008-09-25 00:00:00

Firefox vulnerabilities

2008-09-24 00:00:00

suse

remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey,mozilla

2008-10-08 17:24:56

Firefox update to 31.1esr (important)

2014-09-09 18:04:16

gentoo

Mozilla Products: Multiple vulnerabilities

2013-01-08 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for SECURITYVULNS:DOC:20585