• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability

Bugtraq ID:	36855
Class:	Boundary Condition Error
CVE:	CVE-2009-3373
Remote:	Yes
Local:	No
Published:	Oct 27 2009 12:00AM
Updated:	Nov 10 2009 12:36AM
Credit:	regenrecht reported this issue to iDefense.
Vulnerable:	Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current S.u.S.E. SUSE Linux Enterprise Server 10 SP3 S.u.S.E. SUSE Linux Enterprise Server 10 SP2 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP3 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2 S.u.S.E. SUSE Linux Enterprise 10 SP3 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP2 DEBUGINFO S.u.S.E. SLES 11 DEBUGINFO S.u.S.E. SLES 11 S.u.S.E. SLED 11 S.u.S.E. SLE SDK 10 SP3 S.u.S.E. SLE SDK 10 SP2 S.u.S.E. SLE 11 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux 5 server RedHat Desktop 3.0 Pardus Linux 2009 0 Pardus Linux 2008 0 Mozilla SeaMonkey 1.1.17 Mozilla SeaMonkey 1.1.16 Mozilla SeaMonkey 1.1.15 Mozilla SeaMonkey 1.1.15 Mozilla SeaMonkey 1.1.14 Mozilla SeaMonkey 1.1.13 Mozilla SeaMonkey 1.1.12 Mozilla SeaMonkey 1.1.11 Mozilla SeaMonkey 1.1.10 Mozilla SeaMonkey 1.1.9 Mozilla SeaMonkey 1.1.8 Mozilla SeaMonkey 1.1.7 Mozilla SeaMonkey 1.1.6 Mozilla SeaMonkey 1.1.5 Mozilla SeaMonkey 1.1.4 Mozilla SeaMonkey 1.1.3 Mozilla SeaMonkey 1.1.2 Mozilla SeaMonkey 1.1.1 Mozilla SeaMonkey 1.0.99 Mozilla SeaMonkey 1.0.9 Mozilla SeaMonkey 1.0.8 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.1 beta Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 3.0 MandrakeSoft Linux Mandrake 2010.0 x86_64 MandrakeSoft Linux Mandrake 2010.0 MandrakeSoft Linux Mandrake 2009.1 x86_64 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0
Not Vulnerable:	Mozilla SeaMonkey 2.0 Mozilla Firefox 3.5.4 Mozilla Firefox 3.0.15