Fortinet Discovers Mozilla Products Graphic Rendering Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in various Mozilla products, which allows a remote attacker to compromise a targeted system when a user views a malicious HTML document.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability:
Released Sep 23, 2008
Upgrade to the latest version available from http://www.mozilla.org/.
The vulnerability lies in common graphics rendering routines and is caused by insufficient checking of long strings when they are displayed. There are two main attack scenarios:
1) A malicious HTML page could be hosted on a rogue or hacked web server, targeting users who browse the page in Firefox or SeaMonkey.
2) A malicious HTML-formatted e-mail could be mailed (or mass-mailed), targeting recipients who open the e-mail in Thunderbird or SeaMonkey.
David Maciejak of Fortinet's FortiGuard Global Security Research Team