Mozilla Foundation Security Advisory 2009-56

Heap buffer overflow in GIF color map parser

Announced
October 27, 2009
Reporter
regenrecht, iDefense
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.0.15
  • Firefox 3.5.4
  • SeaMonkey 2

This flaw does not affect products built on the Gecko 1.8 browser engine such as Thunderbird 2.

Description

Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow in Mozilla's GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer.

References