A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service.
Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling malicious image files when a user leaves a page with designMode frames. According to the Mozilla Foundation Security Advisory 2008-06:
The reported issue can be used to steal a user's navigation history, forward navigation information, and crash the user's browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.
A remote, unauthorized attacker may be able to view browser history information or cause a denial of service.
This vulnerability is addressed in Mozilla Foundation Security Advisory 2008-06. Mozilla credits David Bloom for reporting this issue.
This document was written by Chris Taschner.
|Date First Published:||2008-02-11|
|Date Last Updated:||2008-02-11 15:57 UTC|