{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2008-0017","title":"Title"},{"category":"description","text":"The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2008-0017","url":"https://www.suse.com/security/cve/CVE-2008-0017"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 439841 for CVE-2008-0017","url":"https://bugzilla.suse.com/439841"},{"category":"external","summary":"SUSE Bug 445573 for CVE-2008-0017","url":"https://bugzilla.suse.com/445573"},{"category":"external","summary":"Advisory link for SUSE-SA:2008:055","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN/#7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN"}],"title":"SUSE CVE CVE-2008-0017","tracking":{"current_release_date":"2025-08-04T23:38:01Z","generator":{"date":"2023-02-15T06:09:31Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2008-0017","initial_release_date":"2023-02-15T06:09:31Z","revision_history":[{"date":"2023-02-15T06:09:31Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:17:22Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:39:32Z","number":"4","summary":"Current version"},{"date":"2025-03-17T03:05:29Z","number":"5","summary":"Current version"},{"date":"2025-08-04T23:38:01Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Enterprise Storage 6","product":{"name":"SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6","product_identification_helper":{"cpe":"cpe:/o:suse:ses:6"}}},{"category":"product_version","name":"MozillaFirefox","product":{"name":"MozillaFirefox","product_id":"MozillaFirefox","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaFirefox@?upstream=MozillaFirefox.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"MozillaFirefox as component of SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6:MozillaFirefox"},"product_reference":"MozillaFirefox","relates_to_product_reference":"SUSE Enterprise Storage 6"}]},"vulnerabilities":[{"cve":"CVE-2008-0017","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2008-0017"}],"notes":[{"category":"general","text":"The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Enterprise Storage 6:MozillaFirefox"]},"references":[{"category":"external","summary":"CVE-2008-0017","url":"https://www.suse.com/security/cve/CVE-2008-0017"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 439841 for CVE-2008-0017","url":"https://bugzilla.suse.com/439841"},{"category":"external","summary":"SUSE Bug 445573 for CVE-2008-0017","url":"https://bugzilla.suse.com/445573"},{"category":"external","summary":"Advisory link for SUSE-SA:2008:055","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN/#7SM6VOPQZCMJZEWQJBG42GCCXMJKKVXN"}],"threats":[{"category":"impact","date":"2013-06-28T00:18:44Z","details":"important"}],"title":"CVE-2008-0017"}]}