You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.5) > MFSA 2005-50
Mozilla Foundation Security Advisory 2005-50
Title: Exploitable crash in InstallVersion.compareTo
Products: Firefox, Mozilla Suite
Fixed in: Firefox 1.0.5
Mozilla Suite 1.7.10
When InstallVersion.compareTo() is passed an object rather than a string it assumed the object was another InstallVersion without verifying it. When passed a different kind of object the browser would generally crash with an access violation.
Update:(2005-12-14) Aviv Raff has posted a proof of concept exploit of this flaw that demonstrates execution of attacker-supplied code on windows.