Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2005-18

Memory overwrite in string library

Announced
February 24, 2005
Reporter
Daniel de Wildt
Risk
Low
Impact
High
Products
Firefox, Mozilla Suite, Thunderbird
Fixed in
  • Firefox 1.0.1
  • Mozilla Suite 1.7.6
  • Thunderbird 1.0.2

Description

Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth. This could theoretically lead to arbitrary code execution. Creating the exact conditions for exploitation--including running out of memory at just the right moment--is unlikely.

This flaw was independently discovered by Gaël Delalleau and reported by iDEFENSE

Workaround

Upgrade to a fixed version

References