Description
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by regenrecht · text · remote · linux
https://www.exploit-db.com/exploits/33313
References (7)
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10684
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=511689
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6548
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3334
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
Scores
EPSS: 0.1162
EPSS Percentile: 93.7%
Details
CWE: CWE-119
Status: published
Products (43)
mozilla/firefox 3.0 (4 CPE variants)
mozilla/firefox 3.0.1
mozilla/firefox 3.0.2
mozilla/firefox 3.0.3
mozilla/firefox 3.0.4
mozilla/firefox 3.0.5
mozilla/firefox 3.0.6
mozilla/firefox 3.0.7
mozilla/firefox 3.0.8
mozilla/firefox 3.0.9
... and 33 more
Published: Oct 29, 2009
Tracked Since: Feb 18, 2026