
Mozilla Foundation Security Advisory 2006-69

Description

Title: CSS cursor image buffer overflow (Windows only)
Impact: Critical
Announced: December 19, 2006
Reporter: Frederik Reiss
Products: Firefox, Thunderbird, SeaMonkey

Fixed in:
Firefox 2.0.0.1
Firefox 1.5.0.9
Thunderbird 1.5.0.9
SeaMonkey 1.0.7

Description

Frederik Reiss reported a crash when using the CSS cursor property to set the cursor to certain images on Windows. A miscalculated size during conversion of the image to a Windows bitmap can result in a heap buffer overflow which could be used to compromise the victim's computer.

This flaw affects both Firefox 2 and Firefox 1.5 but not the earlier Firefox 1.0 or Mozilla Suite.

Workaround

Upgrade to a fixed version.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=353553
CVE-2006-6500

