[Bug 253804] [NEW] Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
Launchpad Bug Tracker
253804 at bugs.launchpad.net
Thu Jul 31 22:30:20 UTC 2008
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
There's an exploit published on July 8, 2008 at
http://www.milw0rm.com/exploits/6029 that says:
"Malicious SVG file DoS
The following applications were tested in their latest revisions:
Firefox's "browse for file, preview" object on linux: affected
evince on linux: affected
eog on linux: affected
gimp on linux: affected
inkscape on linux: unaffected
Microsoft Visio on windows: unaffected
It is unknown at this time whether code execution is possible..."
Unfortunately I currently lack the resources to verify the existence of
the vulnerability.
WARNING: the .zip file might harm your computer. Don't open it on your
normal machine.
A more or less safe way to test it would be to physically disconnect any
important devices (all hard disks, network connections to any networks
that trust your machine, etc.) and to boot from a live CD. But you
should still know what you're doing.
** Affects: firefox-3.0 (Ubuntu)
Importance: Undecided
Status: New
--
Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
https://bugs.launchpad.net/bugs/253804
You received this bug notification because you are a member of Mozilla Bugs, which is subscribed to firefox-3.0 in ubuntu.
More information about the Ubuntu-mozillateam-bugs
mailing list