Mozilla Foundation Security Advisory 2005-18

Memory overwrite in string library

Announced: February 24, 2005
Reporter: Daniel de Wildt
Risk: Low
Impact: High
Products: Firefox, Mozilla Suite, Thunderbird
Fixed in:
  • Firefox 1.0.1
  • Mozilla Suite 1.7.6
  • Thunderbird 1.0.2

Description

Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth. This could theoretically lead to arbitrary code execution. Creating the exact conditions for exploitation (including running out of memory at just the right moment) is unlikely.

This flaw was independently discovered by Gaël Delalleau and reported by iDEFENSE.
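The bug class described above (a string buffer grows, the reallocation fails, and the code writes anyway) is easiest to see in a small growable-string type. The following C example is added here for illustration and is not Mozilla's string code; the `gstr` type, the function names and the `hooked_realloc` allocator hook are assumptions made for this example. It places the flawed pattern (reallocation result assigned without a check, so a write lands at NULL plus the current length, a fixed address) beside a hardened version that checks the size arithmetic, checks the reallocation result, leaves the old buffer intact on failure and reports an error. The allocator hook lets the hardened path be exercised under a simulated out-of-memory condition.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string; names and layout are assumptions, not
 * Mozilla's string classes. */
typedef struct {
    char  *data;  /* NUL-terminated heap buffer, or NULL when empty */
    size_t len;   /* bytes in use, excluding the NUL */
    size_t cap;   /* bytes allocated */
} gstr;

/* Constructed allocator hook: lets a test make the next reallocation fail,
 * standing in for "running out of memory at just the right moment". */
static int fail_next_realloc = 0;

static void *hooked_realloc(void *p, size_t n) {
    if (fail_next_realloc) {
        fail_next_realloc = 0;
        return NULL;
    }
    return realloc(p, n);
}

void gstr_init(gstr *s) { s->data = NULL; s->len = 0; s->cap = 0; }
void gstr_free(gstr *s) { free(s->data); gstr_init(s); }

/* The flawed pattern: the reallocation result is assigned without being
 * checked. When it fails, s->data becomes NULL, the old block is leaked,
 * and memcpy writes to NULL + s->len, a fixed address that does not depend
 * on where the heap placed the string. Kept for comparison only; it is
 * never called under a failing allocator here. */
int gstr_append_unchecked(gstr *s, const char *src) {
    size_t n = strlen(src);
    size_t need = s->len + n + 1;
    if (need > s->cap) {
        size_t newcap = need * 2;
        s->data = realloc(s->data, newcap);   /* BUG: NULL result not checked */
        s->cap = newcap;
    }
    memcpy(s->data + s->len, src, n + 1);
    s->len += n;
    return 0;
}

/* Hardened form: check the size arithmetic, keep the old buffer until the
 * new one exists, and report failure instead of writing. */
int gstr_append(gstr *s, const char *src) {
    size_t n = strlen(src);
    if (n > SIZE_MAX - s->len - 1) return -1;       /* "need" would overflow */
    size_t need = s->len + n + 1;
    if (need > s->cap) {
        size_t newcap = s->cap ? s->cap : 16;
        while (newcap < need) {
            if (newcap > SIZE_MAX / 2) { newcap = need; break; }
            newcap *= 2;
        }
        char *p = hooked_realloc(s->data, newcap);
        if (p == NULL) return -1;                   /* growth failed: s untouched */
        s->data = p;
        s->cap = newcap;
    }
    memcpy(s->data + s->len, src, n + 1);
    s->len += n;
    return 0;
}

/* Exercise the hardened path under simulated allocation failure.
 * Returns 1 when the failure is reported and the prior contents survive. */
int demo_growth_failure_is_contained(void) {
    gstr s;
    gstr_init(&s);
    if (gstr_append(&s, "hello") != 0) return 0;   /* cap becomes 16 */
    fail_next_realloc = 1;                          /* the next growth fails */
    int rc = gstr_append(&s, " world, this exceeds the 16-byte capacity");
    int ok = (rc == -1) && s.len == 5 && s.cap == 16 &&
             strcmp(s.data, "hello") == 0;
    gstr_free(&s);
    return ok;
}

int main(void) {
    printf("growth failure contained: %s\n",
           demo_growth_failure_is_contained() ? "yes" : "no");
    return 0;
}
```

The defensive point is the ordering in `gstr_append`: the new pointer is held in a temporary until it is known to be valid, so a failed growth leaves the string usable and the caller gets an error code to act on rather than a write through a predictable address.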

Workaround

Upgrade to a fixed version

References