Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

2010-06-23T00:00:00
ID ZDI-10-113
Type zdi
Reporter Martin Barbella
Modified 2010-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or otherwise render a malicious file.

The specific flaw exists within a particular XSLT transformation when applied to an XML document. If a large number of elements have this transformation applied to them, the application will misallocate a buffer. Upon usage of this buffer the application will copy more data than allocated thus causing an overflow. This can lead to code execution under the context of the application.