You are here: Known Vulnerabilities in Mozilla Products (Firefox 220.127.116.11) > MFSA 2006-22
Mozilla Foundation Security Advisory 2006-22
Title: CSS Letter-Spacing Heap Overflow Vulnerability
Date: April 13, 2006
Reporter: TippingPoint and the Zero Day Initiative
Products: Firefox, Thunderbird, Mozilla Suite
Fixed in: Firefox 18.104.22.168
Mozilla Suite 1.7.13
An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property. This results in in under-allocating memory and ultimately a heap buffer overflow which could be exploited to run code of the attacker's choice.
Upgrade to the fixed version.