Mozilla Firefox 'GIF' File DoS Vulnerability - Nov09 (Linux) Network Vulnerability

Summary

The host is installed with Firefox browser and is prone to Denial of Service vulnerabilities.

Impact

Successful exploitation could allows remote attacker to cause a vulnerable application to crash. Impact Level: Application

Solution

Upgrade to Firefox version 3.5.5 or later, http://www.mozilla.com/en-US/firefox/all.html

Insight

A NULL pointer dereference error in 'nsGIFDecoder2::GifWrite' function in 'decoders/gif/nsGIFDecoder2.cpp' in libpr0n, which can be exploited to cause application crash via an animated 'GIF' file with a large image size.

Affected

Mozilla Firefox version prior to 3.5.5 on Linux.

References

http://hg.mozilla.org/releases/mozilla-1.9.1/rev/edf189567edc
https://bugzilla.mozilla.org/show_bug.cgi?id=525326
https://wiki.mozilla.org/Releases/Firefox_3.5.5/Test_Plan

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3978
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
CUPS IPP Packets Processing Denial of Service Vulnerability
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
EtherApe RPC Packet Processing Denial of Service Vulnerability
ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities