Mozilla SVG Processing Remote Code Execution
- December 19, 2006
- TippingPoint and the Zero Day Initiative
- Firefox, SeaMonkey
- Fixed in
- Firefox 22.214.171.124
- Firefox 126.96.36.199
- SeaMonkey 1.0.7
Appending an SVG comment DOM node from one document into another type of document such as HTML in some cases results in a crash due to memory corruption that can be exploited to run arbitrary code.
This flaw was introduced in the Firefox 188.8.131.52 release, prior versions are unaffected.