You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.5.0.4) > MFSA 2006-32
Mozilla Foundation Security Advisory 2006-32
Title: Fixes for crashes with potential memory corruption (rv:1.8.0.4)
Impact: Critical
Date: June 1, 2006
Reporter: Mozilla Developers
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 1.5.0.4
Thunderbird 1.5.0.4
SeaMonkey 1.0.2
Description
Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption that we presume is exploitable.
Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail.
Workaround
Disable Javascript until you can upgrade to a fixed version.
References
Removing nested <option>s from a select (Jesse Ruderman)
Crashes during DOMNodeRemoved mutation event
- https://bugzilla.mozilla.org/show_bug.cgi?id=325730
- https://bugzilla.mozilla.org/show_bug.cgi?id=329982
Content-implemented tree views can corrupt memory (Boris Zbarsky)
Memory corruption involving BoxObjects (Boris Zbarsky, Neil Rashbrook, Georgi Guninski)
- https://bugzilla.mozilla.org/show_bug.cgi?id=326931
- https://bugzilla.mozilla.org/show_bug.cgi?id=329219
- https://bugzilla.mozilla.org/show_bug.cgi?id=330818
XBL implementation doesn't root temporaries correctly (L. David Baron)
crash with iframe removing itself (Georgi Guninski)
potential integer overflow in jsstr tagify (Georgi Guninski)