CVE-2008-0420

N/A Unknown
Published: February 12, 2008 Modified: April 23, 2026
View on NVD

Description

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://browser.netscape.com/releasenotes/
Source: secalert@redhat.com
http://secunia.com/advisories/28758
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28839
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29049
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29098
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29167
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/30327
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/30620
Source: secalert@redhat.com
Vendor Advisory
http://securitytracker.com/id?1019434
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: secalert@redhat.com
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Source: secalert@redhat.com
http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/488264/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/27826
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-582-1
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-582-2
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/0627/references
Source: secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1793/references
Source: secalert@redhat.com
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=408076
Source: secalert@redhat.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/40491
Source: secalert@redhat.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/40606
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119
Source: secalert@redhat.com
https://usn.ubuntu.com/576-1/
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html
Source: secalert@redhat.com
http://browser.netscape.com/releasenotes/
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28758
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28839
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29049
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29098
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29167
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30327
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30620
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1019434
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488264/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/27826
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-582-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-582-2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0627/references
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1793/references
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=408076
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/40491
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/40606
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119
Source: af854a3a-2127-422b-91ae-364da2661108
https://usn.ubuntu.com/576-1/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html
Source: af854a3a-2127-422b-91ae-364da2661108

52 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
2.2%
80th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

mozilla

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8