Description
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
Affected products
- Mozilla / mozilla0.9.5 – 0.9.5
- Mozilla / mozilla0.9.6 – 0.9.6
- Mozilla / mozilla0.9.7 – 0.9.7
- Mozilla / mozilla0.9.8 – 0.9.8
- Mozilla / mozilla0.9.9 – 0.9.9
- Mozilla / mozilla1.0 – 1.0
- netscape / navigator6.2 – 6.2
- netscape / navigator6.2.1 – 6.2.1
- netscape / navigator6.2.2 – 6.2.2
- netscape / navigator6.2.3 – 6.2.3
- opera_software / opera_web_browser5.12 – 5.12
- opera_software / opera_web_browser6.0 – 6.0
- opera_software / opera_web_browser6.0.1 – 6.0.1
References
- MISChttp://www.redhat.com/support/errata/RHSA-2003-046.html
- MISChttp://bugzilla.mozilla.org/show_bug.cgi?id=157989
- MISChttp://www.securityfocus.com/bid/5665
- VENDOR_ADVISORYhttp://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
- MISChttp://crash.ihug.co.nz/~Sneuro/zerogif/
- MISChttp://www.redhat.com/support/errata/RHSA-2002-192.html
- MAILING_LISThttp://marc.info/?l=bugtraq&m=103134051120770&w=2
- MISChttp://www.iss.net/security_center/static/10058.php