Mozilla and Firefox GIF Image Overflow Vuln Announced 3/23/05!

  1. #1
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Crap, more and more are picking apart Mozilla - my favorite browser. Well at least they are getting discovered so we are aware of the issues and are getting fixed.

    I'm concerned as to how easily exploitable this is, seeing how it could be very pervasive and spreadable (re: via ad banners for example, or small invisible GIFs in emails).

    Details....
    Mozilla GIF Image Processing Library Remote Heap Overflow Vulnerability

    Impact:
    Remote attacker may execute arbitrary code in the context of the user running the application.

    Affected Versions:
    * Mozilla Browser versions prior to 1.7.6
    * Mozilla Firefox versions prior to 1.0.2
    * Mozilla Thunderbird Mail client versions prior to 1.0.2

    Advisory: http://www.mozilla.org/security/anno...sa2005-30.html

    Solution/Remediation:
    Upgrade to...
    * Mozilla Firefox 1.0.2 http://www.mozilla.org/products/firefox/
    * Mozilla Browser 1.7.6 http://www.mozilla.org/products/mozilla1.x/
    * Mozilla Thunderbird 1.0.2 http://download.mozilla.org/?product...win&lang=en-US

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    <rant-on>

    Sigh. I just updated both Firefox and Thunderbird. Why on earth can the program not ask if you want to remove the old version before updating/installing?! I don't need freakin' 6 installations of various versions! And by removing the old version the new version was removed so I had to re-install the new version.

    <rant-off>
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    "in the context of the user running the application"
    ACK! <----- Bill the cat impersonation.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  4. #4
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    It is my favorite browser too. It is still nice that vulnerabilities are exposed and patched... this is the most important thing... Things could have been worse if no security responses were in place...

    This problem is basically very similar to a relatively old IE vulnerability... This shortage has been exploited to execute arbitrary code and DoS attacks..

    BTW, I could not know what an Arbitrary code is??

    Cheers
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
    Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    MSM, Firefox seems to work fantastic when upgraded from within the browser, using Tools/Options.

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I actually had clicked on their update icon on the browser (rather than going through Tools/Options). It was a red upwards arrow at the top right. Why should there be a difference? Wouldn't it be using the same thing?

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Well considering I JUST updated it via the Tools menu then restarted FireFox and I still get the red ICON I would say... hmmm?

    Closing browser and investigating. See ya in a bit.

    /EDIT. Must be some issue with the flag. I still got the Arrow but when I clicked it there was no update available after the software accessed firefox update. I chose custom and accepted the recorded defaults. Perhaps if you choose the other option it installs a new copy? Many open source products use the latest build as the directory name and you end up having to change the name to a generic one or choosing custom name the first time otherwise you get /Program1 then /program2 etc. Beats me, though just guessing.

  8. #8
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Yes, RoadClosed...investigate! I just downloaded off their site but haven't uploaded it yet...tell me if it makes a difference, inquiring minds want to know!
