Lucene search

K
mozillaMozilla FoundationMFSA2009-10
HistoryMar 04, 2009 - 12:00 a.m.

Upgrade PNG library to fix memory safety hazards — Mozilla

2009-03-0400:00:00
Mozilla Foundation
www.mozilla.org
26

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.075

Percentile

94.1%

Google security researcher Tavis Ormandy reported several memory safety hazards to the libpng project, an external library used by Mozilla to render PNG images. These vulnerabilities could be used by a malicious website to crash a victim’s browser and potentially execute arbitrary code on their computer. libpng was upgraded to version 1.2.35 which containis fixes for these flaws.

Affected configurations

Vulners
Node
mozillafirefoxRange<3.0.7
OR
mozillaseamonkeyRange<1.1.15
OR
mozillathunderbirdRange<2.0.0.21

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.075

Percentile

94.1%