[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Firefox Floating Point Memory Allocation Vulnerability

ID: oval:org.mitre.oval:def:6528Date: (C)2009-11-04   (M)2017-10-04
Class: VULNERABILITYFamily: windows




Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

Platform:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Product:
Mozilla Firefox
Reference:
CVE-2009-0689
CVE    1
CVE-2009-0689
CPE    19
cpe:/a:mozilla:firefox:3.0.4
cpe:/a:mozilla:firefox:3.5
cpe:/a:mozilla:firefox:3.0.5
cpe:/a:mozilla:firefox:3.0.2
...

© 2013 SecPod Technologies