Security Hero Rotating Header Image

Mozilla Products Graphic Rendering Memory Corruption Vulnerability

Mozilla Products Graphic Rendering Memory Corruption Vulnerability

Summary:

A memory corruption vulnerability exists in various Mozilla products, allowing a remote attacker to compromise targeted systems upon viewing malicious HTML document.

Impact:

Full compromise of the targeted system.

Risk:

  • Critical

Affected Software:

  • Firefox version older than 3.0.2
  • Firefox version older than 2.0.0.17
  • Thunderbird version older than 2.0.0.17
  • SeaMonkey version older than 1.1.12

Additional Information:

The vulnerability lies in common graphics routines rendering, and is caused by insufficient checking of long strings when displaying them. There are two main attack scenarios:

1) A malicious html page could be hosted on a rogue or hacked web server, targeting users who browse the page in Firefox or Seamonkey.
2) A malicious html formatted e-mail could be mailed (or mass-mailed), targeting recipients who open the e-mail in Thunderbird or Seamonkey.

Solutions:

  • Upgrade to latest version available from http://www.mozilla.org/.
  • Disable JavaScript until a version containing the fix is installed.

References:

Acknowledgment:

  • David Maciejak of Fortinet’s FortiGuard Global Security Research Team

URL: http://www.fortiguardcenter.com/advisory/FGA-2008-20.html

Leave a Reply

Your email address will not be published. Required fields are marked *