Firefox 1.0.7 IFRAME Float Stack Overflow

Release Date:
October 5, 2005

Date Reported:
August 8, 2005

Severity:
Medium

Vendor:
Mozilla Foundation

Versions Affected:
Firefox 1.0.7 Linux

Overview:
A stack overflow vulnerability exists within Firefox 1.0.7 and all prior
versions for linux which may allow for an attacker to execute arbitrary code on a targeted
host.

Technical Details:
The issue is when an IFRAME has the width of 33333333, this causes Firefox to
crash.  

The following code below will reproduce this issue:

<IFRAME WIDTH=33333333 >

Another simple one huh?

Vendor Status:
Mozilla is currently working on a patch.

Discovered by:
Tom Ferris

Related Links:
www.security-protocols.com/poc/sp-x19-poc.html
www.security-protocols.com/advisory/sp-x19-advisory.txt
www.evolvesecurity.com

Copyright (c) 2005 Security-Protocols.com