Release DateMar 10, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a heap-based buffer-overflow vulnerability in Mozilla Firefox.This issue is caused by an error in the vulnerable software when handling a malformed PNG file. It may allow remote attackers to execute arbitrary code by sending a crafted image file. |
Affected ProductsMozilla Firefox 3.6.4Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.6.2 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.6 |
Recommended ActionsUpgrade to the latest version, available from the vendor's web site:http://www.mozilla.com |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-1205 |
Reference/shttp://www.exploit-db.com/exploits/14422/http://www.securityfocus.com/bid/41174 (BugTraq) |
