The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
https://bugzilla.mozilla.org/show_bug.cgi?id=443299
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32713
http://secunia.com/advisories/32714
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/33433
http://secunia.com/advisories/34501
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
http://ubuntu.com/usn/usn-667-1
http://www.debian.org/security/2008/dsa-1669
http://www.debian.org/security/2008/dsa-1671
http://www.debian.org/security/2009/dsa-1697
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securitytracker.com/id?1021185
http://www.us-cert.gov/cas/techalerts/TA08-319A.html