CSS Letter-Spacing Heap Overflow Vulnerability
Severity: : Low
CVE Kennungen: : CVE-2006-1730
Advisory Date: 11 de lutego de 2011
DESCRIPTION
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
INFORMATION EXPOSURE
Fixed in: Firefox 1.5.0.2, Firefox 1.0.8, Thunderbird 1.5.0.2, Thunderbird 1.0.8, SeaMonkey 1.0.1, Mozilla Suite 1.7.13
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000757
Trend Micro Deep Security DPI Rule Name: 1000757 - CSS Letter-Spacing Heap Overflow Vulnerability
AFFECTED SOFTWARE AND VERSION:
- Mozilla Firefox 1.0
- Mozilla Firefox 1.0.1
- Mozilla Firefox 1.0.2
- Mozilla Firefox 1.0.3
- Mozilla Firefox 1.0.4
- Mozilla Firefox 1.0.5
- Mozilla Firefox 1.0.6
- Mozilla Firefox 1.0.7
- Mozilla Firefox 1.5
- Mozilla Firefox 1.5.0.1
- Mozilla Mozilla suite 1.7.10
- Mozilla Mozilla suite 1.7.11
- Mozilla Mozilla suite 1.7.12
- Mozilla Mozilla suite 1.7.6
- Mozilla Mozilla suite 1.7.7
- Mozilla Mozilla suite 1.7.8
- Mozilla SeaMonkey 1.0
- Mozilla Thunderbird 1.0
- Mozilla Thunderbird 1.0.1
- Mozilla Thunderbird 1.0.2
- Mozilla Thunderbird 1.0.3
- Mozilla Thunderbird 1.0.4
- Mozilla Thunderbird 1.0.5
- Mozilla Thunderbird 1.0.6
- Mozilla Thunderbird 1.0.7
- Mozilla Thunderbird 1.5
- Mozilla Thunderbird 1.5.0.1