Intrusion Prevention

Mozilla.SVG.Stroke-width.Buffer.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in Mozilla Firefox, Thunderbird and SeaMonkey.
These Mozilla products fail to validate input passed to the 'stroke-width' variable in the '_cairo_pen_init' function, resulting in a heap overflow. With a specially crafted .svg file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Affected Products

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux wizpy 0
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux FUJI 0
SuSE SLES 10
SuSE SLED 10.0
SuSE openSUSE 10.2
SuSE Linux 9.3
SuSE Linux 10.1
SuSE Linux 10.0
Sun Solaris 10.0 _x86
Sun Solaris 10.0
Sun Solaris 9_x86
Sun Solaris 9
Sun Java Web Proxy Server 4.0
Sun Java System Web Server 7.0
Sun Java System Web Server 6.1
Sun Java System Application Server Platform Edition 8.1 2005 Q1
Sun Java System Application Server Enterprise Edition 8.1 2005Q1RHEL2.1/RHEL3
Sun Java Enterprise System 5
Sun Java Enterprise System 2005Q4
Sun Java Enterprise System 2005Q1
Sun Java Enterprise System 2004Q2
Sun Java Enterprise System 2003Q4
Slackware Linux 10.2
Slackware Linux 11.0
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SUSE Linux Enterprise Server 9 SP3
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Linux Enterprise Server 8
rPath rPath Linux 1
RedHat Fedora Core6
RedHat Fedora Core5
RedHat Enterprise Linux Optional Productivity Application v.5 server
RedHat Enterprise Linux Desktop Workstation v. 5 client
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux v. 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
Pardus Linux 2007.1
Novell Linux Desktop 9
Mozilla Thunderbird 1.5 beta 2
Mozilla Thunderbird 1.5 .9
Mozilla Thunderbird 1.5
Mozilla Thunderbird 1.0.8
Mozilla Thunderbird 1.0.7
Mozilla Thunderbird 1.0.6
Mozilla Thunderbird 1.0.5
Mozilla Thunderbird 1.0.2
Mozilla Thunderbird 1.0.1
Mozilla Thunderbird 1.0
Mozilla Thunderbird 0.9
Mozilla Thunderbird 0.8
Mozilla Thunderbird 0.7.3
Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Thunderbird 0.6
Mozilla Thunderbird 1.5.0.8
Mozilla Thunderbird 1.5.0.7
Mozilla Thunderbird 1.5.0.5
Mozilla Thunderbird 1.5.0.4
Mozilla Thunderbird 1.5.0.2
Mozilla Thunderbird 1.5.0.1
Mozilla SeaMonkey 1.0.99
Mozilla SeaMonkey 1.0.7
Mozilla SeaMonkey 1.0.6
Mozilla SeaMonkey 1.0.5
Mozilla SeaMonkey 1.0.3
Mozilla SeaMonkey 1.0.2
Mozilla SeaMonkey 1.0.1
Mozilla SeaMonkey 1.0 dev
Mozilla SeaMonkey 1.0
Mozilla Firefox 2.0 .1
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5 .8
Mozilla Firefox 1.5 .6
Mozilla Firefox 1.5
Mozilla Firefox 1.5
Mozilla Firefox 1.0.8
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0
Mozilla Firefox 0.10.1
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Firefox 2.0.0.10
Mozilla Firefox 2.0 RC3
Mozilla Firefox 2.0 RC2
Mozilla Firefox 2.0 beta 1
Mozilla Firefox 2.0
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5.0.7
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.5.0.5
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.1
Mozilla Camino 1.0.3
Mozilla Camino 1.0.2
Mozilla Camino 1.0.1
Mozilla Camino 0.8.4
Mozilla Camino 0.8.3
Mozilla Camino 0.8
Mozilla Camino 0.7 .0
Mozilla Camino 1.5
Mozilla Camino 1.0
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
HP HP-UX B.11.23
HP HP-UX B.11.11
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 2.0
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server
Avaya Interactive Response 2.0

Impact

System Compromise.

Recommended Actions

Refer to MFSA 2007-01 for upgrade information:
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html.

CVE References

CVE-2007-0776