Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Scalable Vector Graphics (SVG) processing code in Mozilla Firefox and SeaMonkey contains a memory corruption vulnerability. According to Mozilla Foundation Security Advisory 2006-73:
Appending an SVG comment DOM node from one document into another type of document such as HTML in some cases results in a crash due to memory corruption that can be exploited to run arbitrary code.
By convincing a user to visit a specially crafted website, a remote, unauthenticated attacker may be able to execute arbitrary code.
This vulnerability was reported by Mozilla who in turn credits TippingPoint and the Zero Day Initiative.
|Date First Published:||2006-12-20|
|Date Last Updated:||2007-02-07 18:37 UTC|