CVE-2009-3978 — NULL Pointer Dereference in Mozilla Firefox

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 28.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 19

Latest updateMay 2

Description

The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.5.4+65

Patches

Patch: www.h-online.com ↗Patch: www.mozilla.com ↗Patch: wiki.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-8w37-959h-v45j: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2↗2022-05-02

▶

📋Vendor Advisories

Red Hat

Seamonkey: NULL pointer dereference in GIF decoder↗2009-10-29

▶

💬Community

Bugzilla

CVE-2009-3978 Firefox, Seamonkey: NULL pointer dereference in GIF decoder↗2009-12-14

▶