Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25845
HistoryMar 03, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-09

2011-03-0300:00:00
vulners.com
23

Mozilla Foundation Security Advisory 2011-09

Title: Crash caused by corrupted JPEG image
Impact: Critical
Announced: March 1, 2011
Reporter: Jordi Chancel
Products: Firefox, Thunderbird

Fixed in: Firefox 3.6.14
Thunderbird 3.1.8
Description

Security researcher Jordi Chancel reported that a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer.

Firefox 3.5 was not affected by this issue.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=610601
* CVE-2011-0061
Related for SECURITYVULNS:DOC:25845