You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.1) > MFSA 2005-15

Mozilla Foundation Security Advisory 2005-15

Title: Heap overflow possible in UTF8 to Unicode conversion
Severity: High
Risk: Low
Reporter: wind li
Products: Firefox, Thunderbird, Mozilla Suite

Fixed in: Firefox 1.0.1
  Thunderbird 1.0.2
  Mozilla Suite 1.7.6

Description

It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data. Exploitability would depend on the attackers ability to get the string into the buggy converter. General web content is converted elsewhere but we can't rule out the possibility of a successful attack.

Workaround

Upgrade to a version that contains this fix.

References