Mozilla Foundation Security Advisory 2006-07

Read beyond buffer while parsing XML

Announced
February 1, 2006
Reporter
Johnny Stenback
Impact
Low
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 1.5.0.1
  • SeaMonkey 1
  • Thunderbird 1.5.0.2

Description

An upgrade in the XML parser introduced a bug that could read beyond the end of the buffer, often causing a crash. We don't know if this could be exploited to incorporate private data into the DOM of an XML document, but could be a privacy risk if so. Firefox 1.0, Thunderbird 1.0 and Mozilla Suite 1.7 are not affected.

Update (13 April 2006)
This flaw has been fixed in Thunderbird 1.5.0.2

Workaround

Upgrade to the fixed versions.

References