Vulnerability Note VU#879056
Mozilla browsers fail to properly handle images
A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service.
Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling malicious image files when a user leaves a page with designMode frames. According to the Mozilla Foundation Security Advisory 2008-06:
The reported issue can be used to steal a user's navigation history, forward navigation information, and crash the user's browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.
A remote, unauthorized attacker may be able to view browser history information or cause a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mozilla||Affected||-||11 Feb 2008|
CVSS Metrics (Learn More)
This vulnerability is addressed in Mozilla Foundation Security Advisory 2008-06. Mozilla credits David Bloom for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2008-0419
- Date Public: 07 Feb 2008
- Date First Published: 11 Feb 2008
- Date Last Updated: 11 Feb 2008
- Severity Metric: 5.94
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.