Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6715 to the following vulnerability: Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case. References: https://bugzilla.mozilla.org/show_bug.cgi?id=424333 http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities http://sam.zoy.org/zzuf/ http://www.securityfocus.com/bid/27243 http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html
Created attachment 302884 [details] Crasher gif Source: http://sam.zoy.org/zzuf/lol-firefox.gif
Upstream does not consider this to be a security issue. It is being treated as a crash only. See the Mozilla bug for more details.
Vendor statement was published on Nist NVD site: Red Hat does not consider this flaw a security issue. This flaw is not exploitable beyond causing the web browser to crash. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6715