Mozilla Firefox XBM Decoder May Let Remote Users Access Uninitialized Memory Contents
|
|
SecurityTracker Alert ID: 1020923
|
|
SecurityTracker URL: http://securitytracker.com/id?1020923
|
|
CVE Reference: CVE-2008-4069
(Links to External Site)
|
Date: Sep 24 2008
|
Impact: Disclosure of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Mozilla Foundation Security Advisory
|
Version(s): prior to 2.0.0.17
|
Description: A vulnerability was reported in Mozilla Firefox. A remote user may be able to access uninitialized memory.
A remote user can create HTML that, when loaded by the target user, will access "random small chunks" of uninitialized memory. The
vulnerability resides in the XBM decoder.
SeaMonkey is also affected.
Billy Hoffman reported this vulnerability.
|
Impact: A remote user may be able to access uninitialized memory.
|
Solution: The vendor has issued a fixed version (2.0.0.17).
The vendor's advisory is available at:
http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
|
Vendor URL: www.mozilla.org/security/announce/2008/mfsa2008-45.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 23 Sep 2008 23:17:12 -0400
Subject: http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
|
CVE-2008-4069
|
|
