Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access

2012-05-21T00:00:00
ID SAINT:AC6E65EF51EFC8927BA761387238C0F3
Type saint
Reporter SAINT Corporation
Modified 2012-05-21T00:00:00

Description

Added: 05/21/2012
CVE: CVE-2011-3658
BID: 51138
OSVDB: 77953

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

A flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access and possible remote code execution if SVG elements are removed during a **DOMAttrModified** event handler.

Resolution

Upgrade to Firefox 9.0 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-056/>
<https://bugzilla.mozilla.org/show_bug.cgi?id=708186>

Limitations

This exploit has been tested on Mozilla Foundation Firefox 7.0.1 and 8.0.1 on Windows XP SP3 English (DEP OptIn).

The user must load the exploit page in Firefox.

Platforms

Windows XP