[Bug 253804] Re: Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
Alexander Konovalenko
alexkon at gmail.com
Thu Jul 31 23:24:08 UTC 2008
** Description changed:
- There's an exploit published on July 8, 2008 at
+ There's an proof-of-concept exploit published on July 8, 2008 at
http://www.milw0rm.com/exploits/6029 that says:
"Malicious SVG file DoS
The following applications were tested in their latest revisions:
Firefox's "browse for file, preview" object on linux: affected
evince on linux: affected
eog on linux: affected
gimp on linux: affected
inkscape on linux: unaffected
Microsoft Visio on windows: unaffected
It is unknown at this time whether code execution is possible..."
Unfortunately I currently lack the resources to verify the existence of
the vulnerability.
WARNING: the .zip file might harm your computer. Don't open it on your
normal machine.
A more or less safe way to test it would be to physically disconnect any
important devices (all hard disks, network connections to any networks
that trust your machine, etc.) and to boot from a live CD. But you
should still know what you're doing.
--
Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
https://bugs.launchpad.net/bugs/253804
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.
More information about the Ubuntu-mozillateam-bugs
mailing list