Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access

Added: 05/21/2012
CVE: CVE-2011-3658
BID: 51138
OSVDB: 77953

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

A flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access and possible remote code execution if SVG elements are removed during a DOMAttrModified event handler.

Resolution

Upgrade to Firefox 9.0 or higher.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-056/
https://bugzilla.mozilla.org/show_bug.cgi?id=708186

Limitations

This exploit has been tested on Mozilla Foundation Firefox 7.0.1 and 8.0.1 on Windows XP SP3 English (DEP OptIn).

The user must load the exploit page in Firefox.

Platforms

Windows XP

Back to exploit index