Vulnerability Note VU#179014
Mozilla CSS integer overflow vulnerability
Mozilla products contain an integer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code.
Cascading Style Sheets
CSS is a mechanism for adding style to web documents.
Mozilla products contain an integer overflow in the CSS letter spacing property. This may allow a remote attacker to manipulate memory allocation routines to create an undersized buffer. When data is copied to this buffer, a heap-based buffer overflow may occur.
For a list of affected, products refer to Mozilla Foundation Security Advisory 2006-22.
If an attacker can persuade a user to access a specially crafted web page, that attacker may be able to execute arbitrary code.
Refer to Mozilla Foundation Security Advisory 2006-22 for fixed versions of Mozilla products.
If you are a vendor and your product is affected, let
|Vendor||Status||Date Notified||Date Updated|
|Mozilla, Inc.||Affected||-||17 Apr 2006|
|Red Hat, Inc.||Affected||-||17 May 2006|
This vulnerability was reported in Mozilla Foundation Security Advisory
This document was written by Jeff Gennari.
13 Apr 2006
Date First Published:
17 Apr 2006
Date Last Updated:
17 May 2006
If you have feedback, comments, or additional information about this vulnerability, please send us email.