Bugtraq ID: | 27243 |
Class: | Failure to Handle Exceptional Conditions |
CVE: | |
Remote: | Yes |
Local: | No |
Published: | Jan 11 2008 12:00AM |
Updated: | Jan 12 2008 01:09AM |
Credit: | Hanno Böck is credited with discovering this vulnerability. |
Vulnerable: | Mozilla Firefox 2.0 8; Mozilla Firefox 2.0 .9; Mozilla Firefox 2.0 .7; Mozilla Firefox 2.0 .6; Mozilla Firefox 2.0 .5; Mozilla Firefox 2.0 .4; Mozilla Firefox 2.0 .3; Mozilla Firefox 2.0 .10; Mozilla Firefox 2.0 .1; Mozilla Firefox 1.5 beta 2; Mozilla Firefox 1.5 beta 1; Mozilla Firefox 1.5 12; Mozilla Firefox 1.5 .8; Mozilla Firefox 1.5 .6; Mozilla Firefox 1.5; Mozilla Firefox 1.5; Mozilla Firefox 2.0.0.3; Mozilla Firefox 2.0.0.2; Mozilla Firefox 2.0.0.11; Mozilla Firefox 2.0.0.10; Mozilla Firefox 2.0.0.10; Mozilla Firefox 2.0 RC3; Mozilla Firefox 2.0 RC2; Mozilla Firefox 2.0 beta 1; Mozilla Firefox 2.0; Mozilla Firefox 1.5.0.9; Mozilla Firefox 1.5.0.7; Mozilla Firefox 1.5.0.6; Mozilla Firefox 1.5.0.5; Mozilla Firefox 1.5.0.4; Mozilla Firefox 1.5.0.3; Mozilla Firefox 1.5.0.2; Mozilla Firefox 1.5.0.2; Mozilla Firefox 1.5.0.11; Mozilla Firefox 1.5.0.10; Mozilla Firefox 1.5.0.1 |
Mozilla Firefox is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.
[exploit]
Attackers can exploit this issue by enticing an unsuspecting victim to view a malicious GIF file.
The 'zzuf' fuzzing tool demonstrates this issue. The tool can be obtained from the following website:
http://sam.zoy.org/zzuf/
[solution]
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
[references]
How long does it take to fix a crash-bug? (Hanno Böck)
Mozilla Homepage (Mozilla)
re-resting of zzuf results (Hanno Böck)