CVE-2005-0399 Information

Description

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2 Mozilla before to 1.7.6 and Thunderbird before 1.0.2 and possibly other applications that use the same library allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14654 http://secunia.com/advisories/19823 http://www.ciac.org/ciac/bulletins/p-160.shtml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.kb.cert.org/vuls/id/557948 http://www.mozilla.org/security/announce/mfsa2005-30.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.redhat.com/support/errata/RHSA-2005-335.html http://www.redhat.com/support/errata/RHSA-2005-336.html http://www.redhat.com/support/errata/RHSA-2005-337.html http://www.securityfocus.com/bid/12881 http://www.securityfocus.com/bid/15495 http://www.vupen.com/english/advisories/2005/0296 http://xforce.iss.net/xforce/alerts/id/191 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877 https://exchange.xforce.ibmcloud.com/vulnerabilities/19269 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A100028 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11377