17 Jul 21:14
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
From: <zdi-disclosures <at> 3com.com>
Subject: ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
Newsgroups: gmane.comp.security.full-disclosure, gmane.comp.security.bugtraq
Date: 2008-07-17 19:17:58 GMT
Subject: ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
Newsgroups: gmane.comp.security.full-disclosure, gmane.comp.security.bugtraq
Date: 2008-07-17 19:17:58 GMT
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-044 July 17, 2008 -- CVE ID: CVE-2008-2785 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 2.0.x Mozilla Firefox 3.0.x -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6204. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling reference counters to the nsCSSValue:Array class. Creating more then 65,535 references will overflow a 16-bit reference counter and therefore result in an erroneous(Continue reading)
RSS Feed