Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:MOZILLA:GIF89A-EXT

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Mozilla Gif89A:Extension

Release Date

 2005/03/30

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Mozilla Gif89A:Extension


This signature detects attempts to exploit a non-supported extension in the GIF decoding engine. Attackers can create a maliciously crafted GIF file exploiting this extension. A successful exploit can allow an attacker to create a denial of service (DoS) or execute arbitrary scripts with user privileges.

Extended Description

Multiple Mozilla products are affected by a remote heap-overflow vulnerability. This issue affects the GIF image processing library used by Mozilla Firefox, Mozilla Browser, and Mozilla Thunderbird Mail client. A successful attack can result in arbitrary code execution and in unauthorized access to the affected computer. Arbitrary code execution will take place in the context of a user running a vulnerable application. *Update: K-Meleon, which is based on the Mozilla Gecko-code base, is also prone to this issue.

Affected Products

  • Gentoo Linux
  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.22
  • HP HP-UX B.11.23
  • K-Meleon 0.8.2
  • K-Meleon 0.9.0
  • Mozilla Browser 0.8.0
  • Mozilla Browser 0.9.2
  • Mozilla Browser 0.9.2 .1
  • Mozilla Browser 0.9.3
  • Mozilla Browser 0.9.35
  • Mozilla Browser 0.9.4
  • Mozilla Browser 0.9.4 .1
  • Mozilla Browser 0.9.48
  • Mozilla Browser 0.9.5
  • Mozilla Browser 0.9.6
  • Mozilla Browser 0.9.7
  • Mozilla Browser 0.9.8
  • Mozilla Browser 0.9.9
  • Mozilla Browser 1.0.0
  • Mozilla Browser 1.0.0 RC1
  • Mozilla Browser 1.0.0 RC2
  • Mozilla Browser 1.0.1
  • Mozilla Browser 1.0.2
  • Mozilla Browser 1.1.0
  • Mozilla Browser 1.1.0 Alpha
  • Mozilla Browser 1.1.0 Beta
  • Mozilla Browser 1.2.0
  • Mozilla Browser 1.2.0 Alpha
  • Mozilla Browser 1.2.0 Beta
  • Mozilla Browser 1.2.1
  • Mozilla Browser 1.3.0
  • Mozilla Browser 1.3.1
  • Mozilla Browser 1.4.0
  • Mozilla Browser 1.4.0 A
  • Mozilla Browser 1.4.0 B
  • Mozilla Browser 1.4.1
  • Mozilla Browser 1.4.2
  • Mozilla Browser 1.4.4
  • Mozilla Browser 1.5.0
  • Mozilla Browser 1.5.1
  • Mozilla Browser 1.6.0
  • Mozilla Browser 1.7.0
  • Mozilla Browser 1.7.0 Alpha
  • Mozilla Browser 1.7.0 Beta
  • Mozilla Browser 1.7.0 Rc1
  • Mozilla Browser 1.7.0 Rc2
  • Mozilla Browser 1.7.0 Rc3
  • Mozilla Browser 1.7.1
  • Mozilla Browser 1.7.2
  • Mozilla Browser 1.7.3
  • Mozilla Browser 1.7.4
  • Mozilla Browser 1.7.5
  • Mozilla Browser M15
  • Mozilla Browser M16
  • Mozilla Firefox 0.10.0
  • Mozilla Firefox 0.10.1
  • Mozilla Firefox 0.8.0
  • Mozilla Firefox 0.9.0
  • Mozilla Firefox 0.9.0 Rc
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 1.0.0
  • Mozilla Firefox 1.0.1
  • Mozilla Thunderbird 0.6.0
  • Mozilla Thunderbird 0.7.0
  • Mozilla Thunderbird 0.7.1
  • Mozilla Thunderbird 0.7.2
  • Mozilla Thunderbird 0.7.3
  • Mozilla Thunderbird 0.8.0
  • Mozilla Thunderbird 0.9.0
  • Mozilla Thunderbird 1.0.0
  • Mozilla Thunderbird 1.0.1
  • Netscape 6.2.1
  • Netscape 6.2.2
  • Netscape 6.2.3
  • Netscape 7.0.0
  • Netscape 7.1.0
  • Netscape 7.2.0
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora Core1
  • Red Hat Fedora Core2
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386
  • Red Hat Linux Advanced Work Station 2.1.0
  • SCO Unixware 7.1.4
  • SGI ProPack 3.0.0
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.1.0 X86 64
  • SuSE Linux Personal 9.2.0
  • SuSE Linux Personal 9.2.0 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 9.1.0
  • SuSE Linux Professional 9.1.0 X86 64
  • SuSE Linux Professional 9.2.0
  • SuSE Linux Professional 9.2.0 X86 64
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64

References

  • BugTraq: 12881
  • CVE: CVE-2005-0399
  • URL: http://www.mozilla.org/security/announce/mfsa2005-30.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out