Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Scalable Vector Graphics (SVG) processing code in Mozilla Firefox and SeaMonkey contains a memory corruption vulnerability. According to Mozilla Foundation Security Advisory 2006-73:
Appending an SVG comment DOM node from one document into another type of document such as HTML in some cases results in a crash due to memory corruption that can be exploited to run arbitrary code.
By convincing a user to visit a specially crafted website, a remote, unauthenticated attacker may be able to execute arbitrary code.
This vulnerability was reported by Mozilla who in turn credits TippingPoint and the Zero Day Initiative.
This document was written by Katie Steiner.
|Date First Published:||2006-12-20|
|Date Last Updated:||2007-02-07 18:37 UTC|