Mozilla Foundation Security Advisory 2009-56
Title: Heap buffer overflow in GIF color map parser
Announced: October 27, 2009
Reporter: regenrecht, iDefense
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.5.4
This flaw does not affect products built on the Gecko 1.8 browser engine such as Thunderbird 2.
Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow in Mozilla's GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer.