HTTP: Mozilla Firefox Floating Point Number Conversion Memory Corruption

A memory corruption vulnerability exists in the Mozilla Firefox browser. The vulnerability is due to a boundary error when processing very long floating point numbers. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged-on user. An unsuccessful exploit attempt can crash the affected application.

Extended Description

Mozilla Firefox is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue by tricking a victim into visiting a malicious webpage in order to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities).

NOTE 2: This issue is related to BID 35510 (Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability), but because of differences in the code base, it is being assigned its own record.

Affected Products

Pardus linux_2009

References

BugTraq: 36851

CVE: CVE-2009-1563

Short Name
HTTP:STC:MOZILLA:MOZ-FLOAT-OF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-1563 Conversion Corruption Firefox Floating Memory Mozilla Number Point bid:36851
Release Date
10/14/2010
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Suse

K-meleon

Sun

Mozilla

Avaya

Pardus

Slackware

Ubuntu

Mandriva

Flock

Debian

Vmware
