Mozilla Firefox 64-Bit SetTextInternal Heap Buffer Overflow

Download

A heap buffer overflow vulnerability was discovered which is caused by an integer overflow in nsGenericDOMDataNode::SetTextInternal().

Due to the amount of data needed to trigger the vulnerability (> 8 gigabytes), this is only exploitable on 64-bit systems. This vulnerability was tested on Ubuntu AMD64 with the default install of Firefox.

See this white paper for more details on vulnerabilities specific to 64bit platforms.

References:

  • http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
  • https://bugzilla.mozilla.org/show_bug.cgi?id=534666
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196