Multiple Mozilla products are prone to an overflow condition. This issue is triggered when nsSVGFEMorphologyElement::Filter fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With the addition of an unspecified value that is too large to be stored as a signed 32-bit integer, a remote attacker can potentially execute arbitrary code.

Upgrade Firefox and Thunderbird to version 15 or higher (10.0.7 for ESR) or SeaMonkey to version 2.12 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1027452
• CVE ID: 2012-3969 (see also: NVD)
• Secunia Advisory ID: 50088 50308 50331 50379 50380 50434 50436 50437 50460 50616 50623 50763 50810 51766 52429
• Bugtraq ID: 55292
• Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
  http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
  http://lists.opensuse.org/opensuse-updates/2012-08/msg00044.html
  http://www.debian.org/security/2012/dsa-2553
  http://www.debian.org/security/2012/dsa-2554
  http://www.debian.org/security/2012/dsa-2556
  http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
  http://www.palemoon.org/releasenotes-ng.shtml
  http://www.ubuntu.com/usn/usn-1548-1/
  http://www.ubuntu.com/usn/usn-1551-1/
  https://bugzilla.mozilla.org/show_bug.cgi?id=782141 [ Auth Req'd ]
• Vendor Specific Advisory URL: http://rss.xerox.com/~r/security-bulletins/~5/LLTGnhmbIMY/cert_XRX13-004_v1.01.pdf
  http://rss.xerox.com/~r/security-bulletins/~5/xzeGn6t7q7c/cert_XRX13-003_v1.0.pdf
  http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
  http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
• RedHat RHSA: RHSA-2012:1210 RHSA-2012:1211

• Arthur Gerkis