Intrusion Prevention

Mozilla.Firefox.CSS.Letter-Spacing.Heap.Overflow

Description

This indicates a possible exploit of a heap based buffer overflow vulnerability in Mozilla products.
This flaw is due to a heap overflow error when handling a specially crafted CSS "letter-spacing" property.

Affected Products

Mozilla Firefox versions prior 1.5.0.2
Mozilla Firefox versions prior to 1.0.8
Mozilla Suite versions prior to 1.7.13
SeaMonkey versions prior to 1.0.1
Thunderbird versions prior to 1.5.0.2
Thunderbird versions prior to 1.0.8

Impact

The execution of arbitrary code on the system.

Recommended Actions

Upgrade to Firefox 1.5.0.2 or 1.0.8 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla Suite 1.7.13 :
http://www.mozilla.org/products/mozilla1.x/
Upgrade to SeaMonkey 1.0.1 :
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird 1.5.0.2 or 1.0.8 :
http://www.mozilla.com/thunderbird/

CVE References

CVE-2006-1730