A vulnerability exists in Mozilla products that may allow a remote attacker to execute arbitrary code or cause a denial of service.
Mozilla products contain a vulnerability in the CSS cursor property on Microsoft Windows that may result in a crash when handling malicious images. According to the Mozilla Foundation Security Advisory 2006-69:
A miscalculated size during conversion of the image to a Windows bitmap can result in a heap buffer overflow which could be used to compromise the victim's computer.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.
This issue is addressed in Mozilla Foundation Security Advisory 2006-69. Mozilla credits Frederik Reiss with providing information about this issue.
This document was written by Chris Taschner.
|Date First Published:||2007-01-18|
|Date Last Updated:||2007-01-18 15:55 UTC|