You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2008-54

Mozilla Foundation Security Advisory 2008-54

Title: Buffer overflow in http-index-format parser
Impact: Critical
Announced: November 12, 2008
Reporter: Justin Schuh
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0.4
  SeaMonkey 1.1.13


Justin Schuh of the IBM X-Force reported a flaw in the way Mozilla parses the http-index-format MIME type. By sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim's computer.