Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3373Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer DereferenceCWE-122Heap-based Buffer Overflow14 documents7 sources
Severity
10.0CRITICALNVD
NVD4.3
EPSS
11.6%
top 6.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedOct 29
Latest updateMay 2

Description

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox3.5.4+79
NVDmozilla/seamonkey1.5.0.10+30

Patches

Patch: www.mozilla.orgPatch: www.mozilla.org

🔴Vulnerability Details

4
GHSA
GHSA-429c-wjm9-c577: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 32022-05-02
GHSA
GHSA-8w37-959h-v45j: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder22022-05-02
CVEList
CVE-2009-3978: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder22009-11-19
CVEList
CVE-2009-3373: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 32009-10-29

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow2009-10-27

📋Vendor Advisories

4
Ubuntu
Firefox and Xulrunner regression2009-11-11
Ubuntu
Firefox and Xulrunner vulnerabilities2009-10-31
Red Hat
Seamonkey: NULL pointer dereference in GIF decoder2009-10-29
Red Hat
Firefox heap buffer overflow in GIF color map parser2009-10-27

💬Community

3
Bugzilla
CVE-2009-3978 Firefox, Seamonkey: NULL pointer dereference in GIF decoder2009-12-14
Bugzilla
CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser2009-10-21
Bugzilla
CVE-2009-3014 firefox/seamonkey: XSS via improper handling of javascript: URIs in certain HTML links2009-08-31
CVE-2009-3373 — Mozilla Firefox vulnerability | cvebase