P-160: GIF Heap Overflow Parsing Netscape Extension 2

CIAC INFORMATION BULLETIN

P-160: GIF Heap Overflow Parsing Netscape Extension 2

[Mozilla Foundation Security Advisory 2005-30]

March 23, 2005 20:00 GMT
[REVISED 24 Mar 2005]
[REVISED 20 Apr 2005]

PROBLEM: A GIF processing error when parsing the obsolete Netscape extension 2 files can lead to an exploitable heap overrun.
PLATFORM: Firefox
Thunderbird
Mozilla Suite
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS, ES, WS (v. 4)
HP-UX B.11.00, B.11.11, B.11.22, B.11.23
DAMAGE: An attacker can run arbitrary code with the privileges of the user viewing the image.
SOLUTION: Upgrade to the appropriate version.

VULNERABILITY ASSESSMENT: The risk is MEDIUM. A user would have to visit a malicious web page or be coerced to click on a malicious link.

LINKS:
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-160.shtml
  ORIGINAL BULLETIN: Mozilla Foundation Security Advisory 2005-30
    http://www.mozilla.org/security/announce/mfsa2005-30.html
  ADDITIONAL LINKS:
    ISS X-Force
      http://xforce.iss.net/xforce/alerts/id/191
    Red Hat RHSA-2005:336-03
      https://rhn.redhat.com/errata/RHSA-2005-336.html
    Red Hat RHSA-2005:337-02
      https://rhn.redhat.com/errata/RHSA-2005-337.html
    Visit Hewlett Packard Subscription Service for:
      HPSBUX01133 / SSRT 5940
  CVE/CAN: CAN-2005-0399
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399

REVISION HISTORY:
03/24/2005 - revised to add a link to Red Hat Security Advisory RHSA-2005:336-03
             and RHSA-2005:337-02 for Red Hat Desktop and Red Hat Enterprise
             Linux AS, ES, WS (v. 4).
04/20/2005 - added a reference to HP Security Bulletin HPSBUX01133
             SSRT5940 that provides patches for HP-UX B.11.00, B.11.11, B.11.22,
             B.11.23.

[***** Start Mozilla Foundation Security Advisory 2005-30 *****]

Mozilla Foundation Security Advisory 2005-30

Title: GIF heap overflow parsing Netscape extension 2
Severity: Critical
Risk: High
Reporter: Mark Dowd (ISS X-Force)
Products: Firefox, Thunderbird, Mozilla Suite

Fixed in: Firefox 1.0.2
          Thunderbird 1.0.2
          Mozilla Suite 1.7.6

Description
A GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.

Workaround
Turn off image display. Upgrade to the fixed version.

References
https://bugzilla.mozilla.org/show_bug.cgi?id=285595
http://xforce.iss.net/xforce/alerts/id/191
CAN-2005-0399

[***** End Mozilla Foundation Security Advisory 2005-30 *****]
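
For triage on hosts that cannot be upgraded yet, the following added example (not part of the CIAC bulletin or the Mozilla advisory) walks the block structure of a GIF and reports any NETSCAPE2.0 application extension sub-block whose ID is 2. It assumes the commonly documented layout of that extension (first data byte of each sub-block identifies it: 1 = looping, 2 = buffering); the function name and the sample byte strings are constructed for illustration.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Advance past a chain of data sub-blocks; the chain ends at a zero-length block."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def find_netscape_ext2(data):
    """Return offsets of NETSCAPE2.0 sub-blocks with ID 2; ValueError if malformed."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    hits = []
    try:
        flags, pos = data[10], 13            # logical screen descriptor ends at 13
        if flags & 0x80:                     # global color table present
            pos += 3 * (2 << (flags & 0x07))
        while data[pos] != 0x3B:             # 0x3B is the trailer
            block = data[pos]
            if block == 0x2C:                # image descriptor
                iflags = data[pos + 9]
                pos += 10
                if iflags & 0x80:            # local color table present
                    pos += 3 * (2 << (iflags & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW code size
            elif block == 0x21:              # extension introducer
                label, pos = data[pos + 1], pos + 2
                is_app = label == 0xFF and data[pos] == 11
                if is_app and data[pos + 1:pos + 12] == b"NETSCAPE2.0":
                    pos += 12
                    while data[pos] != 0:    # walk the extension's sub-blocks
                        if data[pos + 1] & 0x07 == 2:
                            hits.append(pos)
                        pos += 1 + data[pos]
                    pos += 1
                else:
                    pos = _skip_sub_blocks(data, pos)
            else:
                raise ValueError("unknown block 0x%02x at offset %d" % (block, pos))
    except IndexError:
        raise ValueError("truncated GIF") from None
    return hits

# Constructed sample data: 1x1 GIF with a two-entry global color table.
HEADER = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
LOOP = b"\x21\xff\x0bNETSCAPE2.0" + b"\x03\x01\x00\x00" + b"\x00"
BUFFERING = b"\x21\xff\x0bNETSCAPE2.0" + b"\x05\x02\x00\x01\x00\x00" + b"\x00"
IMAGE = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x4c\x01\x00"
TRAILER = b"\x3b"

if __name__ == "__main__":
    print(find_netscape_ext2(HEADER + LOOP + BUFFERING + IMAGE + TRAILER))
```

A non-empty result only means the file carries the obsolete extension and deserves a closer look on an unpatched client; it does not by itself indicate a malicious image.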

CIAC wishes to acknowledge the contributions of Mozilla for the information contained in this bulletin.
DOE-CIRC can be contacted at:
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/