Update Protection against Mozilla Firefox Animated PNG Processing Integer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-228 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Mozilla Foundation Security Advisory 2008-42 | |
| Industry Reference(s): | CVE-2008-4064 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Mozilla Foundation Firefox 3.x prior to 3.0.2 | ||
| Vulnerability Description A vulnerability was reported in Mozilla Firefox. Firefox is a popular, open source web browser developed by Mozilla Foundation. Mozilla Firefox fails to properly process animated Portable Network Graphics (APNG) image files. A remote attacker could exploit this vulnerability by persuading a target user to open a specially crafted PNG image. Successful exploitation could lead to arbitrary code execution or terminate the application, resulting in a Denial of Service condition. |
||
|
Vulnerability Details The flaw is due to integer overflow when processing animated PNG (APNG) files. APNG is an extension of PNG developed by Mozilla Foundation that supports animated images. APNG support is included in Firefox 3.0 and later. This extension is not part of PNG standard. Successful exploitation could lead to a remote code execution or a denial of service condition. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed animated PNG graphics files.
In order for the protection to be activated, update your VPN-1/IPS-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.