CVE-2009-3978 - Unspecified vulnerability in Mozilla Firefox
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL
Summary
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.
Vulnerable Configurations
Nessus
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_MOZILLAFIREFOX-091119.NASL
  description: The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 42876
  published: 2009-11-24
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/42876
  title: SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1563)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_2_MOZILLAFIREFOX-091124.NASL
  description: The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. One crash was assigned a CVE number: CVE-2009-3978: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size. Also some KDE4 integration bugs were fixed:
    - use mimetype for opening url if known (bnc#556156)
    - fix file dialog resetting icon size (bnc#546490) and file dialog for multiple files not working (bnc#548267)
    - fix KDE filepicker (bnc#548267, bnc#555438)
    - avoid possible deadlock with KDE integration (bnc#555202)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 42925
  published: 2009-11-30
  reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/42925
  title: openSUSE Security Update : MozillaFirefox (MozillaFirefox-1597)
- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201301-01.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
    Impact: A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
    Workaround: There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 63402
  published: 2013-01-08
  reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/63402
  title: GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
References
- http://hg.mozilla.org/releases/mozilla-1.9.1/rev/edf189567edc
- http://www.h-online.com/open/news/item/Mozilla-fixes-critical-bugs-with-Firefox-3-5-5-852070.html
- http://www.mozilla.com/en-US/firefox/3.5.5/releasenotes/
- https://bugzilla.mozilla.org/show_bug.cgi?id=525326
- https://wiki.mozilla.org/Releases/Firefox_3.5.5/Test_Plan