CSS Letter-Spacing Heap Overflow Vulnerability

  Severity: LOW
  CVE Identifier: CVE-2006-1730
  Advisory Date: FEB 11, 2011

  DESCRIPTION

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

  TREND MICRO PROTECTION INFORMATION

Fixed in:  Firefox 1.5.0.2,  Firefox 1.0.8, Thunderbird 1.5.0.2, Thunderbird 1.0.8, SeaMonkey 1.0.1, Mozilla Suite 1.7.13

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000757
  Trend Micro Deep Security DPI Rule Name: 1000757 - CSS Letter-Spacing Heap Overflow Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • Mozilla Firefox 1.0
  • Mozilla Firefox 1.0.1
  • Mozilla Firefox 1.0.2
  • Mozilla Firefox 1.0.3
  • Mozilla Firefox 1.0.4
  • Mozilla Firefox 1.0.5
  • Mozilla Firefox 1.0.6
  • Mozilla Firefox 1.0.7
  • Mozilla Firefox 1.5
  • Mozilla Firefox 1.5.0.1
  • Mozilla Mozilla suite 1.7.10
  • Mozilla Mozilla suite 1.7.11
  • Mozilla Mozilla suite 1.7.12
  • Mozilla Mozilla suite 1.7.6
  • Mozilla Mozilla suite 1.7.7
  • Mozilla Mozilla suite 1.7.8
  • Mozilla SeaMonkey 1.0
  • Mozilla Thunderbird 1.0
  • Mozilla Thunderbird 1.0.1
  • Mozilla Thunderbird 1.0.2
  • Mozilla Thunderbird 1.0.3
  • Mozilla Thunderbird 1.0.4
  • Mozilla Thunderbird 1.0.5
  • Mozilla Thunderbird 1.0.6
  • Mozilla Thunderbird 1.0.7
  • Mozilla Thunderbird 1.5
  • Mozilla Thunderbird 1.5.0.1