FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- heap buffer overflow in GIF image processing

Affected packages
firefox < 1.0.2,1
linux-firefox < 1.0.2
thunderbird < 1.0.2
mozilla < 1.7.6,2
1.8.*,2 <= mozilla
linux-mozilla < 1.7.6
1.8.* <= linux-mozilla
linux-mozilla-devel < 1.7.6
1.8.* <= linux-mozilla-devel
0 <= netscape7
0 <= de-linux-mozillafirebird
0 <= el-linux-mozillafirebird
0 <= ja-linux-mozillafirebird-gtk1
0 <= ja-mozillafirebird-gtk2
0 <= linux-mozillafirebird
0 <= ru-linux-mozillafirebird
0 <= zhCN-linux-mozillafirebird
0 <= zhTW-linux-mozillafirebird
0 <= de-linux-netscape
0 <= de-netscape7
0 <= fr-linux-netscape
0 <= fr-netscape7
0 <= ja-linux-netscape
0 <= ja-netscape7
0 <= linux-netscape
0 <= linux-phoenix
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-firebird
0 <= mozilla-gtk
0 <= mozilla-gtk1
0 <= mozilla-gtk2
0 <= mozilla-thunderbird
0 <= phoenix
0 <= pt_BR-netscape7

Details

VuXML ID 7d2aac52-9c6b-11d9-99a7-000a95bc6fae
Discovery 2005-03-10
Entry 2005-03-24

A Mozilla Foundation Security Advisory states:

An (sic) GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.

References

CVE Name CVE-2005-0399
URL http://www.mozilla.org/security/announce/mfsa2005-30.html
URL http://xforce.iss.net/xforce/alerts/id/191
URL https://bugzilla.mozilla.org/show_bug.cgi?id=285595