Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
BID:38943
Info
Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
| Bugtraq ID: | 38943 |
| Class: | Unknown |
| CVE: |
CVE-2010-0166 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2010 12:00AM |
| Updated: | Jan 05 2011 08:32PM |
| Credit: | Jesse Ruderman |
| Vulnerable: |
Mozilla Firefox 3.6 |
| Not Vulnerable: |
Mozilla Firefox 3.6.2 |
Discussion
Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
Mozilla Firefox is prone to a remote memory-corruption vulnerability.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
Firefox 3.6 for Apple Mac OS X is vulnerable.
NOTE: This issue was previously covered in BID 38918 (Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities) but has been assigned its own record to better document it.
Mozilla Firefox is prone to a remote memory-corruption vulnerability.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
Firefox 3.6 for Apple Mac OS X is vulnerable.
NOTE: This issue was previously covered in BID 38918 (Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities) but has been assigned its own record to better document it.
Exploit / POC
Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
The following proof-of-concept is available:
The following proof-of-concept is available:
Solution / Fix
Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
References:
References:
- Bug 538065 - (CVE-2010-0166) "ASSERTION: invalid array index" with glyphruns at (Jesse Ruderman )
- Mozilla Homepage (Mozilla Foundation)
- MFSA 2010-11 - Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ (Mozilla Foundation)