CVE-2009-3373
Published 2009-10-29
Priority: P357, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 15.52% (96.4th percentile)
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Affected
111 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 3.5.4 | — |
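CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 4.4 | MEDIUM | — |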
Ubuntu
Firefox and Xulrunner regression
vendor_ubuntu·2009-11-11·CVSS 4.4
[MEDIUM] Firefox and Xulrunner regression
USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream
changes introduced regressions that could lead to crashes when processing
certain malformed GIF images, fonts and web pages. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it
converted strings to floating point numbers. If a user were tricked into
viewing a malicious website, a remote attacker could cause a denial of service
or possibly execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-1563)
Jeremy Brown discovered that the Firefox Download Manager was vulnerable to
symlink attacks.
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu·2009-10-31·CVSS 4.4
CVE-2009-3371 [MEDIUM] Firefox and Xulrunner vulnerabilities
Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it
converted strings to floating point numbers. If a user were tricked into
viewing a malicious website, a remote attacker could cause a denial of service
or possibly execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-1563)
Jeremy Brown discovered that the Firefox Download Manager was vulnerable to
symlink attacks. A local attacker could exploit this to create or overwrite
files with the privileges of the user invoking the program. (CVE-2009-3274)
Paul Stone discovered a flaw in the Firefox form history. If a user were
tricked into viewing a malicious website, a remote attacker could access t
Red Hat
Seamonkey: NULL pointer dereference in GIF decoder
vendor_redhat·2009-10-29·CVSS 10.0
CVE-2009-3978 [CRITICAL] CWE-476 Seamonkey: NULL pointer dereference in GIF decoder
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.
Red Hat
Firefox heap buffer overflow in GIF color map parser
vendor_redhat·2009-10-27·CVSS 10.0
CVE-2009-3373 [CRITICAL] CWE-122 Firefox heap buffer overflow in GIF color map parser
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
GHSA
GHSA-429c-wjm9-c577: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3
ghsa_unreviewed·2022-05-02
CVE-2009-3373 [HIGH] CWE-119 GHSA-429c-wjm9-c577: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
GHSA
GHSA-8w37-959h-v45j: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2
ghsa_unreviewed·2022-05-02·CVSS 10.0
CVE-2009-3978 [CRITICAL] GHSA-8w37-959h-v45j: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.
No detection rules found.
Bugzilla
CVE-2009-3978 Firefox, Seamonkey: NULL pointer dereference in GIF decoder
bugzilla·2009-12-14·CVSS 10.0
CVE-2009-3978 [CRITICAL] CVE-2009-3978 Firefox, Seamonkey: NULL pointer dereference in GIF decoder
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3978 to
the following vulnerability:
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp
in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to
cause a denial of service (NULL pointer dereference and application crash)
via an animated GIF file with a large image size, a different vulnerability
than CVE-2009-3373.
Upstream bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=525326
Upstream patch:
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/edf189567edc
Discussion:
This issue does NOT affect the versions of the seamonkey package, as shipped
with Red Hat Enterprise Linux 3 and 4.
This issue does NOT af
Bugzilla
CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
bugzilla·2009-10-21·CVSS 10.0
CVE-2009-3373 [CRITICAL] CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
Security research firm iDefense reported that researcher regenrecht
discovered a heap-based buffer overflow in Mozilla's GIF image parser. This
vulnerability could potentially be used by an attacker to crash a victim's
browser and run arbitrary code on their computer.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc11, firefox-3.5.4-1.fc11, galeon-2.0.7-17.fc11, gnome-python2-extras-2.25.3-8.fc11, gnome-web-photo-0.7-7.fc11, google-gadgets-0.11.1-2.fc11
Bugzilla
CVE-2009-3014 firefox/seamonkey: XSS via improper handling of javascript: URIs in certain HTML links
bugzilla·2009-08-31·CVSS 4.3
CVE-2009-3014 [MEDIUM] CVE-2009-3014 firefox/seamonkey: XSS via improper handling of javascript: URIs in certain HTML links
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3014 to
the following vulnerability:
Name: CVE-2009-3014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3014
Assigned: 20090831
Reference: BUGTRAQ:20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon
Reference: URL: http://www.securityfocus.com/archive/1/archive/1/506163/100/0/threaded
Reference: MISC: http://websecurity.com.ua/3373/
Reference: MISC: http://websecurity.com.ua/3386/
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre;
SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle
javascript: URIs in HTML links within 302
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=511689
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6548