Mozilla has patched a Firefox vulnerability, discovered by the Internet Security Systems group. The concern has to do with the method in which Mozilla’s browser resolves .gif images.
According to ISS, the security flaw was discovered in the, “GIF image processing library used in software developed by the Mozilla Foundation. This library is used by the Firefox web browser, the Mozilla browser, and Mozilla’s Thunderbird Mail client. By crafting a GIF file in a malicious manner, an attacker is able to trigger a heap overflow within the application viewing the image, leading to arbitrary code execution and remote compromise.”
No known attacks taking advantage of the security flaw have been reported.
The findings for the hole were published by ISS yesterday and in true Mozilla fashion, a patch and a press release were issued before the day was out.
Chris Hoffman, director of engineering for the Mozilla Foundation, says, “The Mozilla Foundation is deeply committed to providing its users with the safest Internet experience possible. To deliver our users the experience they deserve, we must stay ahead of the curve in patching potential vulnerabilities. For example, the bug patched in this update has no known real world exploits, and we were able to provide a quick response.”
An updated version of Mozilla’s popular browser is available at GetFirefox.com.
=======================================
Fanatical Support and Instant Emergency
Response on our Zero-Downtime Network
Get more info on our managed hosting solutions on Linux or Microsoft operating systems
=======================================
Chris Richardson is a search engine writer and editor for Murdok. Visit Murdok for the latest search news.
