VulnerableCode Vulnerability Details - VCID-3gwb-npby-tbek

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-3gwb-npby-tbek

Essentials
Severities (2)
References (11)
Severity details (1)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-3gwb-npby-tbek
Aliases	CVE-2008-0016
Summary	Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs reported errors in Mozilla URL parsing routines. These errors could be exploited using a specially crafted UTF-8 URL in a hyperlink which could overflow a stack buffer and allow an attacker to execute arbitrary code.Firefox 3 is not affected by this issue
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-121

Stack-based Buffer Overflow

System	Score	Found at
epss	0.48604	https://api.first.org/data/v1/epss?cve=CVE-2008-0016
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2008-37

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json
		https://api.first.org/data/v1/epss?cve=CVE-2008-0016
463181		https://bugzilla.redhat.com/show_bug.cgi?id=463181
CVE-2008-0016		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016
CVE-2008-0016;OSVDB-48780	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py
GLSA-201301-01		https://security.gentoo.org/glsa/201301-01
mfsa2008-37		https://www.mozilla.org/en-US/security/advisories/mfsa2008-37
RHSA-2008:0882		https://access.redhat.com/errata/RHSA-2008:0882
RHSA-2008:0908		https://access.redhat.com/errata/RHSA-2008:0908
USN-645-1		https://usn.ubuntu.com/645-1/
USN-645-2		https://usn.ubuntu.com/645-2/

Data source	Exploit-DB
Date added	Sept. 13, 2009
Description	Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow
Ransomware campaign use	Known
Source publication date	Sept. 14, 2009
Exploit type	remote
Platform	windows

Exploit Prediction Scoring System (EPSS)

Percentile	0.978
EPSS Score	0.48604
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:27:31.232166+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2008/mfsa2008-37.md	38.6.0