Mozilla.SVG.Stroke-width.Buffer.Overflow

Release Date	Dec 27, 2007
Severity	High
Impact	System Compromise.
Description	This indicates a possible attempt to exploit a buffer overflow vulnerability in Mozilla Firefox, Thunderbird and SeaMonkey. These Mozilla products fail to validate input passed to the 'stroke-width' variable in the '_cairo_pen_init' function, resulting in a heap overflow. With a specially crafted .svg file, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Affected Products	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux wizpy 0 Turbolinux Turbolinux Server 10.0 x86 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 10.0.0 x64 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux FUJI Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux FUJI 0 SuSE SLES 10 SuSE SLED 10.0 SuSE openSUSE 10.2 SuSE Linux 9.3 SuSE Linux 10.1 SuSE Linux 10.0 Sun Solaris 10.0 _x86 Sun Solaris 10.0 Sun Solaris 9_x86 Sun Solaris 9 Sun Java Web Proxy Server 4.0 Sun Java System Web Server 7.0 Sun Java System Web Server 6.1 Sun Java System Application Server Platform Edition 8.1 2005 Q1 Sun Java System Application Server Enterprise Edition 8.1 2005Q1RHEL2.1/RHEL3 Sun Java Enterprise System 5 Sun Java Enterprise System 2005Q4 Sun Java Enterprise System 2005Q1 Sun Java Enterprise System 2004Q2 Sun Java Enterprise System 2003Q4 Slackware Linux 10.2 Slackware Linux 11.0 SGI ProPack 3.0 SP6 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Server 9 SP3 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Linux Enterprise Server 8 rPath rPath Linux 1 RedHat Fedora Core6 RedHat Fedora Core5 RedHat Enterprise Linux Optional Productivity Application v.5 server RedHat Enterprise Linux Desktop Workstation v. 5 client RedHat Enterprise Linux Desktop v.5 client RedHat Enterprise Linux WS 4 RedHat Enterprise Linux v. 5 server RedHat Enterprise Linux ES 4 RedHat Enterprise Linux AS 4 RedHat Desktop 4.0 Pardus Linux 2007.1 Novell Linux Desktop 9 Mozilla Thunderbird 1.5 beta 2 Mozilla Thunderbird 1.5 .9 Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.0.8 Mozilla Thunderbird 1.0.7 Mozilla Thunderbird 1.0.6 Mozilla Thunderbird 1.0.5 Mozilla Thunderbird 1.0.2 Mozilla Thunderbird 1.0.1 Mozilla Thunderbird 1.0 Mozilla Thunderbird 0.9 Mozilla Thunderbird 0.8 Mozilla Thunderbird 0.7.3 Mozilla Thunderbird 0.7.2 Mozilla Thunderbird 0.7.1 Mozilla Thunderbird 0.7 Mozilla Thunderbird 0.6 Mozilla Thunderbird 1.5.0.8 Mozilla Thunderbird 1.5.0.7 Mozilla Thunderbird 1.5.0.5 Mozilla Thunderbird 1.5.0.4 Mozilla Thunderbird 1.5.0.2 Mozilla Thunderbird 1.5.0.1 Mozilla SeaMonkey 1.0.99 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Firefox 2.0 .1 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 .8 Mozilla Firefox 1.5 .6 Mozilla Firefox 1.5 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.3 Mozilla Firefox 1.0.2 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0 Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.1 Mozilla Camino 1.0.3 Mozilla Camino 1.0.2 Mozilla Camino 1.0.1 Mozilla Camino 0.8.4 Mozilla Camino 0.8.3 Mozilla Camino 0.8 Mozilla Camino 0.7 .0 Mozilla Camino 1.5 Mozilla Camino 1.0 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 HP HP-UX B.11.23 HP HP-UX B.11.11 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Interactive Response 2.0
Recommended Actions	Refer to MFSA 2007-01 for upgrade information: http://www.mozilla.org/security/announce/2007/mfsa2007-01.html.
Common Vulnerabilities and Exposures (CVE)	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0776
Reference/s	http://www.securityfocus.com/bid/22694 (BugTraq) http://www.vupen.com/english/advisories/2007/0719 (FrSIRT)

Reference: VID-14203