Blogs

Mozilla SVG Processing Remote Code Execution

emailed security@ias.edu
It appears that versions of Firefox earlier then 1.5.0.9 and 2.0.0.1 and SeaMonkey 1.0.7 are vulnerable to a remote denial of service (DoS).

This flaw was introduced in Firefox 1.5.0.4.

This bug can create a DoS by crashing the browser. It does not appear that this exploit can execute any malicious code on the users computer at this time.

Proposed mitigation is to upgrade the browser to the latest version, or disable JavaScript until an upgrade is possible.

Pages