Vulnerability Note VU#722244

Mozilla products vulnerable to heap overflow via miscalculated size during conversion of an image

Original Release date: 18 Jan 2007 | Last revised: 18 Jan 2007

Overview

A vulnerability exists in Mozilla products that may allow a remote attacker to execute arbitrary code or cause a denial of service.

Description

Mozilla products contain a vulnerability in the CSS cursor property on Microsoft Windows that may result in a crash when handling malicious images. According to the Mozilla Foundation Security Advisory 2006-69:

    A miscalculated size during conversion of the image to a Windows bitmap can result in a heap buffer overflow which could be used to compromise the victim's computer.


Mozilla also states that this flaw affects both Firefox 2 and Firefox 1.5 but not the earlier Firefox 1.0 or Mozilla Suite products.
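
The following C code is an added example, not code from Mozilla or from this note. It shows the size calculation an image-to-Windows-bitmap conversion has to get right: rows padded to a 4-byte boundary and a total computed without integer wrap. The advisory does not say which term was miscalculated, so the function names and the naive_size contrast are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical naive estimate, not Mozilla's code: no padding, wraps. */
uint32_t naive_size(uint32_t w, uint32_t h, uint32_t bpp)
{ return w * h * bpp / 8; }

/* Bytes per DIB row, padded to 4 bytes. 0 on success, -1 if invalid. */
int dib_stride(uint32_t width, uint32_t bpp, size_t *out)
{
    if (width == 0 || bpp == 0 || bpp > 32)
        return -1;
    uint64_t bits = (uint64_t)width * bpp;   /* < 2^37, cannot wrap */
    uint64_t stride = ((bits + 31) / 32) * 4;
    if (stride > SIZE_MAX)
        return -1;
    *out = (size_t)stride;
    return 0;
}

/* Total buffer size; rejects a stride * height product that overflows. */
int dib_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    size_t stride;
    if (height == 0 || dib_stride(width, bpp, &stride) != 0 ||
        stride > SIZE_MAX / height)
        return -1;
    *out = stride * height;
    return 0;
}

/* Copy tightly packed rows into a zero-padded DIB buffer (caller frees). */
uint8_t *pack_to_dib(const uint8_t *src, uint32_t width, uint32_t height,
                     uint32_t bpp, size_t *size_out)
{
    size_t stride, total;
    if (dib_size(width, height, bpp, &total) != 0)
        return NULL;
    dib_stride(width, bpp, &stride);
    size_t src_row = (size_t)(((uint64_t)width * bpp + 7) / 8);
    uint8_t *dst = calloc(1, total);
    for (uint32_t y = 0; dst != NULL && y < height; y++)
        memcpy(dst + (size_t)y * stride, src + (size_t)y * src_row, src_row);
    if (dst != NULL)
        *size_out = total;
    return dst;
}
```

For a 3x2 image at 24 bits per pixel the naive estimate is 18 bytes while the padded bitmap needs 24, which is the kind of gap that turns a row copy into a heap overflow.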

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.

Solution

Apply an update
According to the Mozilla Foundation Security Advisory 2006-69, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.

Systems Affected

Vendor            Status      Date Notified   Date Updated
Gentoo Linux      Affected    -               18 Jan 2007
Mandriva, Inc.    Affected    -               18 Jan 2007
Mozilla           Affected    -               21 Dec 2006
SUSE Linux        Affected    -               18 Jan 2007

CVSS Metrics

Group            Score    Vector
Base             N/A      N/A
Temporal         N/A      N/A
Environmental    N/A      N/A

Credit

This issue is addressed in Mozilla Foundation Security Advisory 2006-69. Mozilla credits Frederik Reiss with providing information about this issue.

This document was written by Chris Taschner.

Other Information

  • CVE IDs: CVE-2006-6500
  • Date Public: 19 Dec 2006
  • Date First Published: 18 Jan 2007
  • Date Last Updated: 18 Jan 2007
  • Severity Metric: 12.15
  • Document Revision: 21
