Mozilla Foundation Security Advisory 2005-30
GIF heap overflow parsing Netscape extension 2
- Announced: March 22, 2005
- Reporter: Mark Dowd (ISS X-Force)
- Risk: High
- Impact: Critical
- Products: Firefox, Mozilla Suite, Thunderbird
- Fixed in:
  - Firefox 1.0.2
  - Mozilla Suite 1.7.6
  - Thunderbird 1.0.2
 
Description
A GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.
Workaround
Turn off image display. Upgrade to the fixed version.
Important Note: The image blocking used in Mozilla Thunderbird and the mail client in the Mozilla Suite only blocks images loaded from remote servers. It will still display "in-line" images and is insufficient to protect against a potential attack. Instead, on the View menu choose "Message Body As" and set it to "Plain Text".
We, of course, recommend upgrading to the fixed version.
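For systems that cannot be upgraded immediately, the following is an added example (not part of the original advisory and not Mozilla code): a Python scanner that walks a GIF's block structure and reports any NETSCAPE2.0 application-extension sub-block with identifier 2, so attached or in-line images can be flagged before display. It assumes that "Netscape extension 2" refers to that sub-block identifier; the function names and sample bytes are constructed for illustration.

```python
import struct

NETSCAPE = b"NETSCAPE2.0"

def _skip_sub_blocks(data, pos):
    """Step over length-prefixed sub-blocks; return the offset after the 0 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def _color_table_len(packed):
    """Byte length of the colour table announced by a packed-flags byte (0 if absent)."""
    return 3 * (2 << (packed & 7)) if packed & 0x80 else 0

def find_netscape_ext2(data):
    """Return offsets of NETSCAPE2.0 sub-blocks whose identifier is 2."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    hits = []
    try:
        pos = 13 + _color_table_len(data[10])      # header + logical screen descriptor
        while data[pos] != 0x3B:                   # 0x3B = trailer
            if data[pos] == 0x2C:                  # image descriptor
                pos += 10 + _color_table_len(data[pos + 9])
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips the LZW code-size byte
            elif data[pos] == 0x21:                # extension introducer
                app = data[pos + 1] == 0xFF and data[pos + 2] == 11
                pos += 2
                if app and data[pos + 1:pos + 12] == NETSCAPE:
                    pos += 12
                    while data[pos] != 0:
                        # Assumption: the identifier is the low 3 bits of the first data byte.
                        if (data[pos + 1] & 7) == 2:
                            hits.append(pos)
                        pos += 1 + data[pos]
                    pos += 1
                else:
                    pos = _skip_sub_blocks(data, pos)
            else:
                raise ValueError("unexpected block at offset %d" % pos)
    except IndexError:
        raise ValueError("truncated or malformed GIF") from None
    return hits

# Constructed 1x1 samples (not real-world files): loop-count only, and one with an id-2 sub-block.
_HEAD = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
_LOOP = b"\x21\xff\x0b" + NETSCAPE + b"\x03\x01\x00\x00\x00"
_EXT2 = b"\x21\xff\x0b" + NETSCAPE + b"\x05\x02" + struct.pack("<I", 16) + b"\x00"
_TAIL = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x4c\x01\x00\x3b"
SAMPLE_CLEAN = _HEAD + _LOOP + _TAIL
SAMPLE_EXT2 = _HEAD + _LOOP + _EXT2 + _TAIL
```

A file that raises `ValueError` (truncated or structurally invalid) should be treated as suspect rather than passed through.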