Credit:
The information has been provided by regenrecht.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/
Vulnerable Systems:
* Firefox 3.5.4
* Firefox 3.0.15
* SeaMonkey 2.0
The libpr0n GIF parser is designed as a state machine implemented as a series of switch/case statements. One state of particular interest, 'gif_image_header', interprets a single image/frame description record. A single GIF file may contain many images, each with its own associated color map.
The problem lies in the handling of changes to the color map between subsequent images in a multiple-image GIF file. Memory reallocation for the color map is not managed correctly, and the result is an exploitable heap overflow condition.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user running the vulnerable application. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites.
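For readers unfamiliar with the record layout the advisory refers to, the following is an added illustration of the defensive pattern: a minimal parser for a GIF image descriptor and its optional local color table that grows the color map buffer whenever a later frame declares a larger table and rejects truncated input. This is example code written for this page; it is not libpr0n's code, and the gif_frame_state structure, function names, and the two-frame sample input are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Per-decoder frame state (hypothetical structure, not libpr0n's).
 * The colour map holds 3 bytes (RGB) per entry. */
typedef struct {
    uint8_t *colormap;      /* heap buffer for the current local colour table */
    size_t   colormap_cap;  /* bytes actually allocated */
    size_t   colormap_len;  /* bytes in use for the current frame */
    uint16_t width, height;
} gif_frame_state;

/* Parse one image descriptor (0x2C separator + 9 bytes) starting at buf[*pos],
 * followed by its local colour table if the packed-field flag is set.
 * Returns 0 on success, -1 on truncated or malformed input.
 * When a later frame needs a larger table than any earlier one, the buffer is
 * reallocated before the copy, so the table is never written past capacity. */
int gif_parse_image_header(const uint8_t *buf, size_t len, size_t *pos,
                           gif_frame_state *st)
{
    if (*pos > len || len - *pos < 10 || buf[*pos] != 0x2C) return -1;
    const uint8_t *p = buf + *pos;
    st->width  = (uint16_t)(p[5] | (p[6] << 8));   /* little-endian u16 */
    st->height = (uint16_t)(p[7] | (p[8] << 8));
    uint8_t packed = p[9];
    *pos += 10;

    if (!(packed & 0x80)) {          /* no local colour table for this frame */
        st->colormap_len = 0;
        return 0;
    }
    /* bits 0-2 give the table size exponent: entries = 2^(n+1) */
    size_t entries = (size_t)1u << ((packed & 0x07) + 1);
    size_t need = entries * 3;
    if (len - *pos < need) return -1;             /* table truncated */
    if (need > st->colormap_cap) {                /* grow before copying */
        uint8_t *grown = realloc(st->colormap, need);
        if (!grown) return -1;
        st->colormap = grown;
        st->colormap_cap = need;
    }
    memcpy(st->colormap, buf + *pos, need);
    st->colormap_len = need;
    *pos += need;
    return 0;
}

/* Constructed sample: two image descriptors, the second declaring a 256-entry
 * local colour table after a 2-entry one. Not taken from any real GIF file. */
static size_t build_sample(uint8_t *out, size_t cap)
{
    static const uint8_t hdr1[10] = {0x2C, 0,0, 0,0, 1,0, 1,0, 0x80}; /* 2 entries */
    static const uint8_t hdr2[10] = {0x2C, 0,0, 0,0, 2,0, 2,0, 0x87}; /* 256 entries */
    size_t n = 0;
    if (cap < 10 + 6 + 10 + 768) return 0;
    memcpy(out + n, hdr1, 10); n += 10;
    memset(out + n, 0x11, 6);   n += 6;     /* 2 RGB entries */
    memcpy(out + n, hdr2, 10); n += 10;
    memset(out + n, 0x22, 768); n += 768;   /* 256 RGB entries */
    return n;
}

/* Parse both frames of the sample; returns the colour map length after the
 * second frame (768) or -1 if parsing failed or capacity was not kept. */
long demo_two_frames(void)
{
    uint8_t sample[800];
    size_t len = build_sample(sample, sizeof sample), pos = 0;
    gif_frame_state st = {0};
    long result = -1;
    if (len && gif_parse_image_header(sample, len, &pos, &st) == 0 &&
        gif_parse_image_header(sample, len, &pos, &st) == 0 &&
        st.colormap_cap >= st.colormap_len && pos == len)
        result = (long)st.colormap_len;
    free(st.colormap);
    return result;
}

/* Constructed truncated input: the descriptor promises a 256-entry table but
 * only three bytes follow. The parser must reject it instead of reading on. */
int demo_truncated(void)
{
    uint8_t sample[13] = {0x2C, 0,0, 0,0, 1,0, 1,0, 0x87, 1,2,3};
    size_t pos = 0;
    gif_frame_state st = {0};
    int rc = gif_parse_image_header(sample, sizeof sample, &pos, &st);
    free(st.colormap);
    return rc;
}

int main(void)
{
    printf("colour map length after frame 2: %ld\n", demo_two_frames());
    printf("truncated descriptor rc: %d\n", demo_truncated());
    return 0;
}
```

The two checks a reviewer would look for in any multi-image decoder are visible here: the declared table size is validated against the remaining input before anything is copied, and the destination buffer is compared against that size on every frame rather than only on the first.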
Patch Availability:
Mozilla has released a patch which fixes this issue in Firefox 3.5.4, Firefox 3.0.15, and SeaMonkey 2.0. Information about downloadable vendor updates can be found by clicking on the URL shown.
http://www.mozilla.com/en-US/firefox/ie.html
CVE Information:
CVE-2009-3373
Disclosure Timeline:
08/20/2009 - Initial Vendor Notification
10/27/2009 - Vendor Public Disclosure
10/28/2009 - iDefense Public Disclosure