You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.




Mozilla Foundation Security Advisory 2005-15

Title: Heap overflow possible in UTF8 to Unicode conversion
Severity: High
Risk: Low
Reporter: wind li
Products: Firefox, Thunderbird, Mozilla Suite

Fixed in: Firefox 1.0.1, Thunderbird 1.0.2, Mozilla Suite 1.7.6

Description

A UTF8 string containing invalid sequences can trigger a heap overflow of the converted Unicode data. Exploitability would depend on the attacker's ability to get the string into the buggy converter. General web content is converted elsewhere, but we can't rule out the possibility of a successful attack.
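As an added illustration (not Mozilla's code, and not a reconstruction of the fixed defect, which this advisory does not detail), the following UTF-8 to UTF-16 converter shows the defensive pattern for this bug class: remaining output capacity is checked before every write, and invalid sequences are replaced with U+FFFD instead of being trusted. The function names `decode_one` and `utf8_to_utf16` and the one-replacement-per-bad-byte policy are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: decode one code point from in[0..len), len >= 1.
 * Malformed, overlong, surrogate or out-of-range input consumes 1 byte -> U+FFFD. */
static size_t decode_one(const unsigned char *in, size_t len, uint32_t *cp)
{
    static const uint32_t min_cp[4] = { 0, 0x80, 0x800, 0x10000 };
    unsigned char b = in[0];
    size_t need = b < 0x80 ? 0 : (b & 0xE0) == 0xC0 ? 1 :      /* continuation */
                  (b & 0xF0) == 0xE0 ? 2 : (b & 0xF8) == 0xF0 ? 3 : 4; /* bytes */
    uint32_t v = need == 0 ? b : b & (0x3Fu >> need);

    *cp = 0xFFFD;
    if (need == 4 || need >= len)          /* bad lead byte or truncated input */
        return 1;
    for (size_t i = 1; i <= need; i++) {
        if ((in[i] & 0xC0) != 0x80)        /* not a continuation byte */
            return 1;
        v = (v << 6) | (in[i] & 0x3Fu);
    }
    if (v < min_cp[need] || v > 0x10FFFF || (v >= 0xD800 && v <= 0xDFFF))
        return 1;
    *cp = v;
    return need + 1;
}

/* Returns UTF-16 units written, or (size_t)-1 if out_cap is too small.
 * out_cap >= in_len always suffices: no input byte yields more than one unit. */
size_t utf8_to_utf16(const unsigned char *in, size_t in_len,
                     uint16_t *out, size_t out_cap)
{
    size_t i = 0, o = 0;
    while (i < in_len) {
        uint32_t cp;
        i += decode_one(in + i, in_len - i, &cp);
        size_t units = cp >= 0x10000 ? 2 : 1;
        if (units > out_cap - o)           /* checked before every write */
            return (size_t)-1;
        if (units == 2) {
            cp -= 0x10000;
            out[o++] = (uint16_t)(0xD800 | (cp >> 10));
            out[o++] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        } else {
            out[o++] = (uint16_t)cp;
        }
    }
    return o;
}
```

Because the length of the output is never derived from lead bytes alone, a string of invalid sequences can at worst make the call fail, not write past the buffer.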

Workaround

Upgrade to a version that contains this fix.

References