Info

Disclosure

Feb 23, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Mozilla Firefox. The application fails to validate input passed to the 'stroke-width' variable in the '_cairo_pen_init' function resulting in a heap overflow. With a specially crafted .svg file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to Firefox 2.0.0.2 or higher, as it has been reported to fix this vulnerability. Additionally, disable Firefox's it internal SVG viewer as a workaround.

Products

Mozilla Organization	Firefox	2.0
		2.0.0.1

References

Security Tracker: 1017698
CVE ID: 2007-0776 (see also: NVD)
Bugtraq ID: 22694
Secunia Advisory ID: 24205 24238 24293 24320 24328 24333 24384 24389 24393 24406 24410 24437 24455 24456 24457 24522 24569 25588
Related OSVDB ID: 32103 32104 32105 32107 32109 32110 32111 32114 32115
ISS X-Force ID: 32698
CERT VU: 551436
VUPEN Advisory: ADV-2007-0718 ADV-2007-0719
Vendor Specific Advisory URL: http://fedoranews.org/cms/node/2713
http://lists.rpath.com/pipermail/security-announce/2007-February/000153.html
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
Other Advisory URL: http://fedoranews.org/cms/node/2721
http://fedoranews.org/cms/node/2728
http://fedoranews.org/cms/node/2747
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0006.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.gentoo.org/security/en/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-431-1
http://www.us.debian.org/security/2007/dsa-1336
Vendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200703-04.xml
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=360645

Credit

Tom Ferris - tommysecurity-protocols.com - Security-Protocols

Direct URL: http://osvdb.org/32113

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Firefox

References

Credit