Mozilla SVG memory corruption vulnerability

Overview

Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Scalable Vector Graphics (SVG) processing code in Mozilla Firefox and SeaMonkey contains a memory corruption vulnerability. According to Mozilla Foundation Security Advisory 2006-73:

_Appending an SVG comment DOM node from one document into another type of document such as HTML in some cases results in a crash due to memory corruption that can be exploited to run arbitrary code. _

_This flaw was introduced in the Firefox 1.5.0.4 release, prior versions are unaffected. _

---

Impact

By convincing a user to visit a specially crafted website, a remote, unauthenticated attacker may be able to execute arbitrary code.

---

Solution

Upgrade

Mozilla has addressed these vulnerabilities in Firefox 2.0.0.1, Firefox 1.5.0.9 and SeaMonkey 1.0.7.

---

Workaround

Disable JavaScript

For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.

---

Vendor Information

928956

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Mozilla __ Affected

Updated: December 20, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www.mozilla.org/security/announce/2006/mfsa2006-73.html.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23928956 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.mozilla.org/security/announce/2006/mfsa2006-73.html&gt;
• <http://www.zerodayinitiative.com/advisories/ZDI-06-051.html&gt;
• <https://bugzilla.mozilla.org/show_bug.cgi?id=360021&gt;
• <http://secunia.com/advisories/23420/&gt;
• <http://secunia.com/advisories/23591/&gt;
• <http://secunia.com/advisories/23598/&gt;
• <http://secunia.com/advisories/23439/&gt;
• <http://secunia.com/advisories/23514/&gt;
• <http://secunia.com/advisories/23545/&gt;
• <http://secunia.com/advisories/23601/&gt;
• <http://secunia.com/advisories/23614/&gt;
• <http://secunia.com/advisories/23618/&gt;
• <http://secunia.com/advisories/23692/&gt;
• <http://www.securityfocus.com/bid/21668&gt;

Acknowledgements

This vulnerability was reported by Mozilla who in turn credits TippingPoint and the Zero Day Initiative.

This document was written by Katie Steiner.

Other Information

CVE IDs:	CVE-2006-6504
Severity Metric:	26.78 Date Public: