Firefox 3.5.5 issue tracking bug
The nsGIFDecoder2::GifWrite function in
decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before
3.5.5 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via an animated GIF file
with a large image size, a different vulnerability than CVE-2009-3373.
It seems no vulnerable versions are in the tree. Should we make the decision about GLSA for users who might still have it installed?
Added to pending GLSA request.
This issue was resolved and addressed in
GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).