Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3978 to the following vulnerability: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. Upstream bug report: -------------------- https://bugzilla.mozilla.org/show_bug.cgi?id=525326 Upstream patch: --------------- http://hg.mozilla.org/releases/mozilla-1.9.1/rev/edf189567edc
This issue does NOT affect the versions of the seamonkey package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue does NOT affect the versions of the seamonkey package, as shipped with Fedora release of 10 and 11. This issue affects the versions of the seamonkey package, as shipped with Fedora release of 12 and Fedora Rawhide. Please fix.
This issue affects the versions of the firefox package, as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the version of the firefox package, as shipped with Fedora release of 10. This issue does NOT affect the versions of the firefox package, as shipped with Fedora release of 11 and 12.
It's fixed in firefox-3.0.16.