Building the Most Secure PDF Reader

At Foxit, prompt response to software defects and security holes has always been, and will continue to be, a top priority of its product service. Foxit acknowledges that software defects and security holes are inevitable and treats mission-critical defects and security issues very seriously. Foxit has published all historic security issues on its website and tracks potential security issues on a daily basis. Even though its list of known security issues is much shorter than those of its competitors, due to the robustness of its software products, Foxit has always planned ahead for the unexpected.

In our effort to serve you best, please click here to read Foxit's security policies and to report potential security vulnerability.

BriefOriginally PostedRelease Date

Stack-based Buffer Overflow in Foxit Reader 3.0

Feb. 18, 2009

Mar. 9, 2009

Security Authorization Bypass in Foxit Reader 2.3 and 3.0

Feb. 18, 2009

Mar. 9, 2009

JBIG2 Symbol Dictionary Processing in JPEG2000/JBIG Decoder add-on of Foxit Reader 2.3 and  3.0

Feb. 27, 2009

Mar. 9, 2009

June 2, 2009 June 19,2009

Two Security Vulnerabilities Fixed in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder

SUMMARY
Here is detailed information about the vulnerabilities:
  1. Fixed a negative stream offset in a malicious JPEG2000 stream that caused data to be read from an out-of-bounds address. We have added guard code to solve this issue.
  2. Fixed an error-handling problem when decoding the JPEG2000 header: an uncaught fatal error resulted in a subsequent invalid address access. We added error-handling code to terminate the decoding process.
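The two guards described above, as an added illustration (not Foxit's decoder code): a bounded stream reader that rejects a negative or out-of-range offset before any read, and a decode routine that stops at the first header error instead of continuing on a half-parsed state. The byte layout and the sample streams are constructed for this example and are not real JPEG 2000 syntax.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef struct { const uint8_t *data; size_t len; } stream_t;

/* Copy n bytes starting at stream position `off` into out.
 * Returns 0 on success, -1 if [off, off+n) is not entirely inside the buffer.
 * `off` is signed on purpose: a negative value parsed out of the file is the
 * exact case the advisory's guard code exists for. */
int stream_read_at(const stream_t *s, long off, size_t n, uint8_t *out) {
    if (off < 0) return -1;                        /* negative offset */
    if ((size_t)off > s->len) return -1;           /* start beyond the end */
    if (n > s->len - (size_t)off) return -1;       /* window runs past the end */
    memcpy(out, s->data + off, n);
    return 0;
}

/* Constructed toy layout (not real JPEG 2000 syntax): marker FF 4F, then a
 * signed 32-bit big-endian offset of the tile data from the stream start, then
 * a 1-byte tile length, then the tile bytes. Returns the sum of the tile bytes,
 * or -1 on any error. Each step checks its result and the first failure ends
 * the decode: nothing after it runs on an invalid state. */
long long decode_tile_sum(const uint8_t *data, size_t len) {
    stream_t s = { data, len };
    uint8_t hdr[7], tile[255];
    long long sum = 0;
    if (stream_read_at(&s, 0, sizeof hdr, hdr) != 0) return -1;   /* truncated header */
    if (hdr[0] != 0xFF || hdr[1] != 0x4F) return -1;              /* bad marker: fatal */
    int32_t tile_off = (int32_t)(((uint32_t)hdr[2] << 24) | ((uint32_t)hdr[3] << 16) |
                                 ((uint32_t)hdr[4] << 8) | hdr[5]);
    /* tile_off comes from the file; the guard in stream_read_at rejects it when
     * negative or out of range instead of reading from an arbitrary address. */
    if (stream_read_at(&s, tile_off, hdr[6], tile) != 0) return -1;
    for (size_t i = 0; i < hdr[6]; i++) sum += tile[i];
    return sum;
}

/* Constructed sample streams for the test. */
static const uint8_t sample_ok[]       = { 0xFF, 0x4F, 0, 0, 0, 7, 3, 'A', 'B', 'C' };          /* 65+66+67 = 198 */
static const uint8_t sample_negative[] = { 0xFF, 0x4F, 0xFF, 0xFF, 0xFF, 0xF8, 3, 'A', 'B', 'C' }; /* offset -8 */
static const uint8_t sample_overrun[]  = { 0xFF, 0x4F, 0, 0, 0, 7, 9, 'A', 'B', 'C' };          /* 9 bytes, only 3 present */
static const uint8_t sample_marker[]   = { 0x00, 0x00, 0, 0, 0, 7, 3, 'A', 'B', 'C' };          /* header error */
```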

AFFECTED SOFTWARE VERSIONS
Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder add-on version 2.0.2009.303

SOLUTION
Foxit Reader users should download the latest Foxit Reader 3.0; for the critical JPEG 2000/JBIG2 decoder add-on, go to "Check for Updates Now" in the Reader Help menu to update the add-on to the latest version 2.0 Build 2009.616.

SECURITY PROCESS
2009-06-02: Foxit received report from CERT;
2009-06-03: Foxit confirmed issues;
2009-06-09: Foxit fixed the issues;
2009-06-19: Foxit released fixed versions of Foxit Reader 3.0 Build 1817 and JPEG2000/JBIG2 Decoder add-on version 2.0 Build 2009.616.

Stack-based Buffer Overflow

SUMMARY

PDF files can include actions associated with different triggers. If an action (Open/Execute a file, Open a web link, etc.) defined in a PDF file has an overly long filename argument and its trigger condition is satisfied, a stack-based buffer overflow occurs.

AFFECTED SOFTWARE VERSION
Foxit Reader 3.0.

SOLUTION
All Foxit Reader 3.0 users are advised to update; the update is available here: http://www.foxitsoftware.com/downloads/

SECURITY PROCESS
2009-02-18: Foxit received report from Core Security Technologies;
2009-02-19: Foxit confirmed issue;
2009-02-20: Foxit fixed the issue;
2009-02-28: Fix confirmed by Core Security Technologies;
2009-03-09: Foxit released fixed version 3.0 Build 1506.

Security Authorization Bypass

SUMMARY
If an action (Open/Execute a file, Open a web link, etc.) is defined in a PDF file and its trigger condition is satisfied, Foxit Reader performs the action defined by the creator of the PDF file without showing a dialog box asking for confirmation.
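An added illustration covering this advisory and the stack-based buffer overflow above (not Foxit's code): the document-supplied target is measured against the fixed buffer before it is copied, and the action is only performed when a confirmation hook, standing in for the dialog, allows it. ACTION_TARGET_MAX, the enums, the confirm policies and the scenarios are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define ACTION_TARGET_MAX 260   /* size of the fixed buffer; assumed for this example */

typedef enum { ACT_LAUNCH, ACT_URI } action_type_t;
typedef enum { ACT_REJECTED_LENGTH = -2, ACT_DENIED = -1, ACT_EXECUTED = 0 } action_result_t;

/* Confirmation hook standing in for the dialog: nonzero allows the action. */
typedef int (*confirm_fn)(action_type_t type, const char *target);

/* Stage a document-defined action. Two guards, one per advisory: the target is
 * measured against the fixed buffer before it is copied, so an overlong name is
 * refused rather than overflowing the stack, and nothing runs unless the user
 * confirmed. On success the target is copied to `executed` (stand-in for launch). */
action_result_t run_action(action_type_t type, const char *target,
                           confirm_fn confirm, char executed[ACTION_TARGET_MAX]) {
    char buf[ACTION_TARGET_MAX];
    size_t n = 0;
    while (n < ACTION_TARGET_MAX && target[n] != '\0') n++;   /* bounded length scan */
    if (n == ACTION_TARGET_MAX) return ACT_REJECTED_LENGTH;    /* no room for the NUL */
    memcpy(buf, target, n + 1);                                /* n + 1 <= sizeof buf */
    if (!confirm(type, buf)) return ACT_DENIED;                /* user said no: stop */
    memcpy(executed, buf, n + 1);
    return ACT_EXECUTED;
}

/* Constructed confirmation policies for the test. */
int confirm_always(action_type_t type, const char *target) { (void)type; (void)target; return 1; }
int confirm_never(action_type_t type, const char *target)  { (void)type; (void)target; return 0; }

/* Constructed scenarios: a normal-length target, and one of 299 'A's that
 * would have overrun the buffer. */
action_result_t scenario_short(confirm_fn confirm) {
    char executed[ACTION_TARGET_MAX];
    return run_action(ACT_URI, "http://example.invalid/", confirm, executed);
}

action_result_t scenario_overlong(confirm_fn confirm) {
    char target[ACTION_TARGET_MAX + 40], executed[ACTION_TARGET_MAX];
    memset(target, 'A', sizeof target - 1);
    target[sizeof target - 1] = '\0';
    return run_action(ACT_LAUNCH, target, confirm, executed);   /* rejected before confirm */
}
```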

AFFECTED SOFTWARE VERSIONS
Foxit Reader 3.0 and Foxit Reader 2.3

SOLUTION
Foxit Reader users are advised to update to Foxit Reader 3.0; those who keep using Foxit Reader 2.3 can download its updated version here: http://www.foxitsoftware.com/downloads/

SECURITY PROCESS
2009-02-18: Foxit received report from Core Security Technologies;
2009-02-19: Foxit confirmed issue;
2009-02-20: Foxit fixed the issue;
2009-02-28: Fix confirmed by Core Security Technologies;
2009-03-09: Foxit released fixed version 3.0 Build 1506 and version 2.3 Build 3902.

JBIG2 Symbol Dictionary Processing

SUMMARY
While decoding a JBIG2 symbol dictionary segment, an array of 32-bit elements is allocated with a size equal to the number of exported symbols, but it is left uninitialised if the number of new symbols is zero. The array is later accessed, and values from uninitialised memory are used as pointers when reading memory and performing calls.
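An added illustration of the safe pattern for this bug (not the decoder's code): the export array is zero-initialised and the builder verifies that every declared export slot was actually written, so a dictionary with zero new symbols cannot leave entries holding stale memory that later gets used as a pointer. Export flags are simplified to one byte per symbol rather than JBIG2 run-lengths, and the symbol structs and scenarios are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
typedef struct { int width, height; } symbol_t;                          /* stand-in for a bitmap */
typedef struct { symbol_t **exported; size_t num_exported; } symdict_t;

/* Build a dictionary's export array. Returns 0 on success, -1 on inconsistency.
 * Symbols are the input symbols followed by the new ones; `flags` has one byte per
 * symbol (a simplification of JBIG2's run-length export flags). */
int symdict_build_exports(symbol_t *const *input, size_t num_input,
                          symbol_t *const *new_syms, size_t num_new,
                          const uint8_t *flags, size_t declared, symdict_t *out) {
    size_t total = num_input + num_new, written = 0;
    if (declared > total) return -1;                  /* more exports than symbols exist */
    /* calloc, not malloc: slots the loop never reaches hold NULL, not stale memory. */
    symbol_t **ex = calloc(declared ? declared : 1, sizeof *ex);
    if (ex == NULL) return -1;
    for (size_t i = 0; i < total; i++) {
        if (!flags[i]) continue;
        if (written == declared) { free(ex); return -1; }  /* more flagged than declared */
        ex[written++] = i < num_input ? input[i] : new_syms[i - num_input];
    }
    /* The advisory's case: zero new symbols (or too few flags) leaves the array
     * short. Reject instead of handing out slots that were never written. */
    if (written != declared) { free(ex); return -1; }
    out->exported = ex;
    out->num_exported = declared;
    return 0;
}

/* Constructed scenarios for the test: two input symbols, zero new symbols. */
static symbol_t sym_a = { 4, 8 }, sym_b = { 3, 3 };
static symbol_t *inputs[] = { &sym_a, &sym_b };

long scenario_reexport(void) {  /* both inputs flagged, 2 declared: area 4*8 + 3*3 = 41 */
    static const uint8_t flags[] = { 1, 1 };
    symdict_t d;
    long area = 0;
    if (symdict_build_exports(inputs, 2, NULL, 0, flags, 2, &d) != 0) return -1;
    for (size_t i = 0; i < d.num_exported; i++)    /* every pointer here was written above */
        area += (long)d.exported[i]->width * d.exported[i]->height;
    free(d.exported);
    return area;
}

int scenario_underfilled(void) { /* one flagged, 2 declared: rejected with -1 */
    static const uint8_t flags[] = { 1, 0 };
    symdict_t d;
    return symdict_build_exports(inputs, 2, NULL, 0, flags, 2, &d);
}
```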

AFFECTED SOFTWARE VERSIONS
JPEG2000/JBIG Decoder add-on version 2.0.2008.715 in Foxit Reader 3.0 and Foxit Reader 2.3

SOLUTION
For Foxit Reader users who have downloaded and used the JPEG2000/JBIG Decoder, please go to "Check for Updates Now" in Reader help menu to update the add-on to the latest version 2.0.2009.303 or click here to download the latest version 2.0.2009.303.

SECURITY PROCESS
2009-02-27: Foxit received report from Secunia;
2009-02-28: Foxit confirmed issue;
2009-03-04: Foxit fixed the issue;
2009-03-04: Fix confirmed by Secunia;
2009-03-09: Foxit released fixed version 2.0.2009.303.

Ask Toolbar ToolbarSettings ActiveX Control Buffer Overflow

The ask.com toolbar that Foxit bundles is not the same version as the one reported on secunia.com and does not have the reported vulnerability.
Click here to check the related report on secunia.com.