Mozilla Firefox GIF processing buffer overflow

Added: 06/09/2006
CVE: CVE-2005-0399
BID: 12881
OSVDB: 14937

Background

Mozilla is a suite of Internet client products available for multiple platforms.

Problem

A heap overflow in Mozilla Firefox when processing GIF images with the obsolete Netscape extension 2 allows command execution when a user visits a malicious web site.

Resolution

Upgrade to Firefox 1.0.2 or higher.

References

http://www.mozilla.org/security/announce/2005/mfsa2005-30.html

Limitations

Exploit works on Firefox 1.0.1. In order for exploitation to succeed, a user must load the exploit page in a vulnerable browser.

Platforms

Windows 2000
Windows XP

Back to exploit index