Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15439
HistoryDec 20, 2006 - 12:00 a.m.

Mozilla Foundation Security Advisory 2006-69

2006-12-2000:00:00
vulners.com
53

Mozilla Foundation Security Advisory 2006-69
Title: CSS cursor image buffer overflow (Windows only)
Impact: Critical
Announced: December 19, 2006
Reporter: Frederik Reiss
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 2.0.0.1
Firefox 1.5.0.9
Thunderbird 1.5.0.9
SeaMonkey 1.0.7
Description
Frederik Reiss reported a crash when using the CSS cursor property to set the cursor to certain images on Windows. A miscalculated size during conversion of the image to a Windows bitmap can result in a heap buffer overflow which could be used to compromise the victim's computer.

This flaw affects both Firefox 2 and Firefox 1.5 but not the earlier Firefox 1.0 or Mozilla Suite
Workaround
Upgrade to a fixed version.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=353553
CVE-2006-6500

Related for SECURITYVULNS:DOC:15439