Date Discovered: February 2, 2006
Date Published: February 3, 2006
Last Updated: February 3, 2006
Threat Assessment
Overall Risk: Medium
Impact: High
Popularity: Medium
Simplicity: Low
Vulnerability Description
Vulnerability ID: 33816
Discovered By: moz_bug_r_a4
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: Attackers can execute arbitrary code.
Root Cause: Software Vulnerability
Mozilla Firefox contains a vulnerability that can allow an attacker to execute arbitrary code. The vulnerability is due to improper validation in EscapeAttributeValue in jsxml.c for E4X, nsSVGCairoSurface::Init in SVG, and nsCanvasRenderingContext2D.cpp in Canvas. An attacker can supply a carefully constructed argument to cause an integer overflow and execute arbitrary code.
Recommendations
For: Mozilla Firefox 1.5
Apply: Mozilla Firefox 1.5.0.1
Affected Technologies
The Mozilla Organization: Mozilla Firefox 1.5
References
Mitre CVE: CVE-2006-0297
Mozilla Organization: 2006-06
More information on CA Vulnerability Information Center:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33816
Computer Associates – the Trusted Source of Security Knowledge