Info

Disclosure

Feb 23, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A memory corruption flaw exists in multiple Mozilla products. This issue is due to a error in the layout engine. With specially crafted HTML code, an attacker can cause a denial of service and possibly arbitrary code exection resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to Firefox 2.0.0.2 or 1.5.0.10, Thunderbird 1.5.0.10, SeaMonkey 1.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	SeaMonkey	1.0
		1.0.1
		1.0.2
		1.0.3
		1.0.4
		1.0.5
		1.0.6
		1.0.7
	Firefox	1.0
		1.0.x
		1.5.0.1
		1.5.0.2
		1.5.0.3
		1.5.0.4
		1.5.0.5
		1.5.0.6
		1.5.0.7
		1.5.0.8
		1.5.0.9
		1.5
		2.0
		2.0.0.1
	Thunderbird	0.x
		1.0.2
		1.0.5
		1.0.6
		1.0.7
		1.0.8
		1.5
		1.5.0.2
		1.5.0.4
		1.5.0.5
		1.5.0.7
		1.5.0.8
		1.5.0.9

References

Credit

Jesse Ruderman - -
Martijn Wargers -
Olli Pettay -

Direct URL: http://osvdb.org/32114

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

SeaMonkey

Firefox

Thunderbird

References

Credit