[plug] Microsoft opens doorways for jpeg viruses
Carl Gherardi
cgherardi at iprimus.com.au
Sat Oct 2 09:35:49 WST 2004
On 01/10/2004, at 10:53 AM, Evert van Dijk wrote:
> I just did a search of the Mozilla website and did not find any
> references to any jpg or jpg vunerabilities.
> Is this limited to the Windows OS or is it an Application Issue?
>
> I heard about this a week or so ago and could not find anything
> official that then either. Lots of rumours and innuendoes
> and advices to update to the latest version of Mozilla. But nothing
> solid.
> Anybody?
> Anything?
>
US-CERT Security Alert TA04-261A. - 20 Sept
"Mozilla-based products are vulnerable to multiple security issues.
Firstly routines handling the display of BMP images and VCards contain
an integer overflow and a stack buffer overrun. Specific pages with
long links, when sent using the "Send Page" function, and links with
non-ASCII hostnames could both cause heap buffer overruns."
More information about the plug
mailing list