Mozilla

mozilla

Mozilla Foundation Security Advisory 2005-06

Heap overrun handling malicious news: URL

Announced
January 21, 2005
Reporter
Maurycy Prodeus (iSEC Security Research)
Impact
High
Products
Mozilla Suite, Thunderbird
Fixed in
  • Mozilla Suite 1.7.5
  • Thunderbird 0.9

Description

Maurycy Prodeus of iSEC Security Research reports a heap overrun in processing certain news: URLs. Thunderbird and the Mozilla Suite are affected; Firefox does not support the news: scheme.

Workaround

Upgrade to fixed version.

References