Mozilla Foundation Security Advisory 2008-37
Title: UTF-8 URL stack buffer overflow
Announced: September 23, 2008
Reporter: Justin Schuh, Tom Cross, Peter William
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 18.104.22.168
Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs reported errors in Mozilla URL parsing routines. These errors could be exploited using a specially crafted UTF-8 URL in a hyperlink which could overflow a stack buffer and allow an attacker to execute arbitrary code.
Firefox 3 is not affected by this issue