J-Security Center

Title: Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability

Severity: HIGH

Description:

Mozilla Firefox and Thunderbird are prone to a remote integer-overflow vulnerability in the 'base64' decoding function. An attacker can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code.

The vulnerability is fixed in Firefox 3.0.12 and 3.5.

NOTE: Thunderbird is also affected but Mozilla hasn't specified the vulnerable and fixed versions.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

Affected Products:

  • Debian Linux 4.0
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 armel
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 sparc
  • Debian Linux 5.0
  • Debian Linux 5.0 alpha
  • Debian Linux 5.0 amd64
  • Debian Linux 5.0 arm
  • Debian Linux 5.0 armel
  • Debian Linux 5.0 hppa
  • Debian Linux 5.0 ia-32
  • Debian Linux 5.0 ia-64
  • Debian Linux 5.0 m68k
  • Debian Linux 5.0 mips
  • Debian Linux 5.0 mipsel
  • Debian Linux 5.0 powerpc
  • Debian Linux 5.0 s/390
  • Debian Linux 5.0 sparc
  • Linux kernel 2.6.5
  • Mandriva Enterprise Server 5
  • Mandriva Enterprise Server 5 x86_64
  • Mandriva Linux Mandrake 2009.0
  • Mandriva Linux Mandrake 2009.0 x86_64
  • Mandriva Linux Mandrake 2009.1
  • Mandriva Linux Mandrake 2009.1 x86_64
  • Mozilla Firefox 3.0
  • Mozilla Firefox 3.0 Beta 5
  • Mozilla Firefox 3.0.1
  • Mozilla Firefox 3.0.10
  • Mozilla Firefox 3.0.11
  • Mozilla Firefox 3.0.2
  • Mozilla Firefox 3.0.3
  • Mozilla Firefox 3.0.4
  • Mozilla Firefox 3.0.5
  • Mozilla Firefox 3.0.6
  • Mozilla Firefox 3.0.7
  • Mozilla Firefox 3.0.7 Beta
  • Mozilla Firefox 3.0.8
  • Mozilla Firefox 3.0.9
  • Mozilla SeaMonkey 1.1 beta
  • Mozilla SeaMonkey 1.1.1
  • Mozilla SeaMonkey 1.1.10
  • Mozilla SeaMonkey 1.1.11
  • Mozilla SeaMonkey 1.1.12
  • Mozilla SeaMonkey 1.1.13
  • Mozilla SeaMonkey 1.1.14
  • Mozilla SeaMonkey 1.1.15
  • Mozilla SeaMonkey 1.1.16
  • Mozilla SeaMonkey 1.1.17
  • Mozilla SeaMonkey 1.1.18
  • Mozilla SeaMonkey 1.1.2
  • Mozilla SeaMonkey 1.1.3
  • Mozilla SeaMonkey 1.1.4
  • Mozilla SeaMonkey 1.1.5
  • Mozilla SeaMonkey 1.1.6
  • Mozilla SeaMonkey 1.1.7
  • Mozilla SeaMonkey 1.1.8
  • Mozilla SeaMonkey 1.1.9
  • Mozilla Thunderbird 1.5.0
  • Mozilla Thunderbird 1.5.0 beta 2
  • Mozilla Thunderbird 1.5.0.1
  • Mozilla Thunderbird 1.5.0.10
  • Mozilla Thunderbird 1.5.0.12
  • Mozilla Thunderbird 1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
  • Mozilla Thunderbird 1.5.0.2
  • Mozilla Thunderbird 1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
  • Mozilla Thunderbird 1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
  • Mozilla Thunderbird 2.0.0.19
  • Mozilla Thunderbird 2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
  • Mozilla Thunderbird 2.0.0.21
  • Mozilla Thunderbird 2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
  • Mozilla Thunderbird 2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
  • Mozilla Thunderbird 2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
  • Pardus Linux 2008
  • Pardus Linux 2009
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux 5 server
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux AS 4.8.z
  • Red Hat Enterprise Linux Desktop 5 client
  • Red Hat Enterprise Linux Desktop Workstation 5 client
  • Red Hat Enterprise Linux Desktop version 4
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux ES 4.8.z
  • Red Hat Enterprise Linux Optional Productivity Application 5 server
  • Red Hat Enterprise Linux Optional Productivity Application 5.4.z server
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 10
  • Slackware Linux 12.2
  • SuSE SUSE Linux Enterprise 10 SP2 DEBUGINFO
  • SuSE SUSE Linux Enterprise 11
  • SuSE SUSE Linux Enterprise Desktop 10 SP2
  • SuSE SUSE Linux Enterprise Desktop 11
  • SuSE SUSE Linux Enterprise SDK 10 SP2
  • SuSE SUSE Linux Enterprise Server 10 SP2
  • SuSE SUSE Linux Enterprise Server 11
  • SuSE SUSE Linux Enterprise Server 11 DEBUGINFO
  • SuSE openSUSE 10.3
  • SuSE openSUSE 11.0
  • SuSE openSUSE 11.1
  • Sun OpenSolaris build snv_100
  • Sun OpenSolaris build snv_101
  • Sun OpenSolaris build snv_101a
  • Sun OpenSolaris build snv_102
  • Sun OpenSolaris build snv_103
  • Sun OpenSolaris build snv_104
  • Sun OpenSolaris build snv_105
  • Sun OpenSolaris build snv_106
  • Sun OpenSolaris build snv_107
  • Sun OpenSolaris build snv_108
  • Sun OpenSolaris build snv_109
  • Sun OpenSolaris build snv_110
  • Sun OpenSolaris build snv_111
  • Sun OpenSolaris build snv_111a
  • Sun OpenSolaris build snv_112
  • Sun OpenSolaris build snv_113
  • Sun OpenSolaris build snv_114
  • Sun OpenSolaris build snv_115
  • Sun OpenSolaris build snv_116
  • Sun OpenSolaris build snv_117
  • Sun OpenSolaris build snv_118
  • Sun OpenSolaris build snv_95
  • Sun OpenSolaris build snv_96
  • Sun OpenSolaris build snv_98
  • Sun OpenSolaris build snv_99
  • Ubuntu Ubuntu Linux 8.04 LTS amd64
  • Ubuntu Ubuntu Linux 8.04 LTS i386
  • Ubuntu Ubuntu Linux 8.04 LTS lpia
  • Ubuntu Ubuntu Linux 8.04 LTS powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS sparc
  • Ubuntu Ubuntu Linux 8.10 amd64
  • Ubuntu Ubuntu Linux 8.10 i386
  • Ubuntu Ubuntu Linux 8.10 lpia
  • Ubuntu Ubuntu Linux 8.10 powerpc
  • Ubuntu Ubuntu Linux 8.10 sparc
  • Ubuntu Ubuntu Linux 9.04 amd64
  • Ubuntu Ubuntu Linux 9.04 i386
  • Ubuntu Ubuntu Linux 9.04 lpia
  • Ubuntu Ubuntu Linux 9.04 powerpc
  • Ubuntu Ubuntu Linux 9.04 sparc
  • Ubuntu Ubuntu Linux 9.10 amd64
  • Ubuntu Ubuntu Linux 9.10 i386
  • Ubuntu Ubuntu Linux 9.10 lpia
  • Ubuntu Ubuntu Linux 9.10 powerpc
  • Ubuntu Ubuntu Linux 9.10 sparc
