Bug 530164 (CVE-2009-3384) - CVE-2009-3384 Firefox integer underflow in FTP directory list parser
Summary: CVE-2009-3384 Firefox integer underflow in FTP directory list parser
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-3384
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 733423
TreeView+ depends on / blocked
 
Reported: 2009-10-21 18:37 UTC by Josh Bressers
Modified: 2019-09-29 12:33 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-03 15:18:18 UTC
Embargoed:

Attachments (Terms of Use)

Description Josh Bressers 2009-10-21 18:37:38 UTC 
Security researcher Michal Zalewski reported that the parser for FTP
directory listings was improperly checking for the end of a string buffer,
resulting in an integer underflow of a counter variable. This counter would
later be used as an array index and could result in the execution of an
arbitrary memory location. An attacker could potentially use this
vulnerability to crash a victim's browser and run arbitrary code on their
computer.
Comment 2 Josh Bressers 2010-12-16 15:41:17 UTC 
The Mozilla bug is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=515583
Comment 3 Huzaifa S. Sidhpurwala 2011-08-17 06:38:28 UTC 
Here is the relevant mozilla patch:

http://hg.mozilla.org/mozilla-central/rev/cade5b705114

This was fixed in:

Seamonkey:
Patch: mozilla-515583-x.patch
* Mon Oct 12 2009 Martin Stransky <stransky> - 1.0.9-50.el4
- Added fixes from 1.9.0.15
Errata: RHSA-2009:1531

Firefox:
RHSA-2009:1530
Comment 4 Josh Bressers 2011-10-03 13:26:27 UTC 
The upstream bug is now public. I'm opening this up.
Comment 5 Josh Bressers 2011-10-03 15:18:18 UTC 
We fixed this bug in RHSA-2009:1530, RHSA-2009:1531, RHSA-2010:0153, RHSA-2010:0154
Note You need to log in before you can comment on or make changes to this bug.