Mozilla Foundation Security Advisory 2005-30
Title: GIF heap overflow parsing Netscape extension 2
Reporter: Mark Dowd (ISS X-Force)
Products: Firefox, Thunderbird, Mozilla Suite
Fixed in: Firefox 1.0.2, Mozilla Suite 1.7.6
A GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.
Turn off image display. Upgrade to the fixed version.
Important Note: The image blocking used in Mozilla Thunderbird and the mail client in the Mozilla Suite only blocks images loaded from remote servers. It will still display "in-line" images and is insufficient to protect against a potential attack. Instead, on the View menu choose "Message Body As" and set it to "Plain Text".
We, of course, recommend upgrading to the fixed version.
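Until every client is upgraded, a mail or web gateway can flag GIF files that carry the obsolete extension at all. The scanner below is an added example, not Mozilla's code or part of the original advisory. It assumes the usual GIF89a layout, in which the extension is an application extension block labelled `NETSCAPE2.0` whose sub-block identifier is the low three bits of its first data byte. The function names and sample bytes are constructed for illustration.

```python
# Added example: flag GIFs carrying the Netscape application extension sub-block 2.
def _color_table_len(packed):
    # Bit 7 set = table present; low 3 bits n give 2^(n+1) RGB triples.
    return 3 * (2 << (packed & 7)) if packed & 0x80 else 0

def _sub_blocks(data, pos):
    """Read a chain of length-prefixed sub-blocks; return (payloads, next_pos)."""
    payloads = []
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:                       # block terminator
            return payloads, pos
        if pos + size > len(data):
            raise ValueError("sub-block runs past end of data")
        payloads.append(data[pos:pos + size])
        pos += size

def netscape_ext_ids(data):
    """Return the Netscape extension sub-block IDs found in GIF bytes."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos, ids = 13 + _color_table_len(data[10]), []
    while pos < len(data) and data[pos] != 0x3B:        # 0x3B = trailer
        if data[pos] == 0x2C:                           # image descriptor
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            pos += 10 + _color_table_len(data[pos + 9]) + 1   # +1: LZW code size
            _, pos = _sub_blocks(data, pos)
        elif data[pos] == 0x21 and pos + 2 <= len(data):  # extension block
            label = data[pos + 1]
            blocks, pos = _sub_blocks(data, pos + 2)
            if label == 0xFF and blocks and blocks[0] == b"NETSCAPE2.0":
                # Assumption: ID is the low 3 bits of the first payload byte.
                ids += [b[0] & 7 for b in blocks[1:]]
        else:
            raise ValueError("unexpected block at offset %d" % pos)
    return ids

def has_netscape_ext2(data):
    return 2 in netscape_ext_ids(data)

# Constructed, well-formed sample data (not taken from the advisory).
_HDR = b"GIF89a\x01\x00\x01\x00\x00\x00\x00"            # 1x1, no colour table
_APP = b"\x21\xff\x0bNETSCAPE2.0"
_IMG = b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x4c\x01\x00"
SAMPLE_LOOP_ONLY = _HDR + _APP + b"\x03\x01\x00\x00\x00" + _IMG + b";"
SAMPLE_EXT2 = SAMPLE_LOOP_ONLY[:-1] + _APP + b"\x05\x02\x00\x00\x01\x00\x00" + b";"
```

Files that fail to parse raise `ValueError`; a gateway should treat those as suspect rather than pass them through.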