You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

You are here: Known Vulnerabilities in Mozilla Products (Firefox > MFSA 2006-55

Mozilla Foundation Security Advisory 2006-55

Title: Crashes with evidence of memory corruption (rv:
Impact: Critical
Announced: July 25, 2006
Reporter: Mozilla Developers
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox
  SeaMonkey 1.0.3


As part of the Firefox stability and security release, developers in the Mozilla community looked for and fixed several crash bugs to improve the stability of Mozilla clients. Some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary code with enough effort.

Thunderbird shares the browser engine with Firefox and would be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from enabling JavaScript in mail.


Disable JavaScript until you can upgrade to a fixed version. Do not enable JavaScript in mail clients such as Thunderbird.


nsListControlFrame::FireMenuItemActiveEvent called at unsafe times (Boris Zbarsky)

Potential string class buffer overruns in out-of-memory case (Darin Fisher, Daniel Veditz)

Crashes involving table row and column groups (Jesse Ruderman, Martijn Wargers)

Disable anonymous box selectors outside of UA stylesheets (Jesse Ruderman)

Crashes referencing removed nodes (Jesse Ruderman, Martijn Wargers)

crypto.generateCRMFRequest callback can run on deleted context (shutdown)