You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.



You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.5.0.1) > MFSA 2006-07

Mozilla Foundation Security Advisory 2006-07

Title: Read beyond buffer while parsing XML
Severity: Low
Date: February 1, 2006
Reporter: Johnny Stenback
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 1.5.0.1
  SeaMonkey 1.0
  Thunderbird 1.5.0.2

Description

An upgrade in the XML parser introduced a bug that could read beyond the end of the buffer, often causing a crash. We don't know if this could be exploited to incorporate private data into the DOM of an XML document, but could be a privacy risk if so. Firefox 1.0, Thunderbird 1.0 and Mozilla Suite 1.7 are not affected.

Update (13 April 2006)
This flaw has been fixed in Thunderbird 1.5.0.2

Workaround

Upgrade to the fixed versions.

References