Mozilla Foundation Security Advisory 2009-56

Heap buffer overflow in GIF color map parser

Announced: October 27, 2009
Reporter: regenrecht, iDefense
Impact: Critical
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 3.0.15
  • Firefox 3.5.4
  • SeaMonkey 2

This flaw does not affect products built on the Gecko 1.8 browser engine such as Thunderbird 2.

Description

Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow in Mozilla's GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer.
