[CVE-2011-2377] Memory corruption due to multipart/x-mixed-replace images

CVE-2011-2377, MFSA 2011-21


Memory corruption due to multipart/x-mixed-replace images


Announced: June 21, 2011
Reporter: Jordi Chancel
Impact: Critical
Products: Firefox, SeaMonkey, Thunderbird
Fixed in: Firefox 3.6.18 – Firefox 5 – SeaMonkey 2.2 – Thunderbird 3.1.11


Description

Security researcher Jordi Chancel reported a crash on multipart/x-mixed-replace images due to memory corruption.


CVE Description

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and
SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute arbitrary code via
a multipart/x-mixed-replace image.


  • Demonstration video:


Security Researcher Jordi Chancel
