Advisory: Mozilla Firefox 64-Bit SetTextInternal Heap Buffer Overflow

Affected Products

Mozilla Firefox

CVE

CVE-2010-1196

A heap buffer overflow vulnerability was discovered which is caused by an integer overflow in nsGenericDOMDataNode::SetTextInternal().

Due to the amount of data needed to trigger the vulnerability (> 8 gigabytes), this is only exploitable on 64-bit systems. This vulnerability was tested on Ubuntu AMD64 with the default install of Firefox.

See this white paper for more details on vulnerabilities specific to 64bit platforms.

References

http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
https://bugzilla.mozilla.org/show_bug.cgi?id=534666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196