Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2006-0749

Source

Mozilla Foundation Security Advisory 2006-18

Mozilla Firefox Tag Order Vulnerability

Announced

April 13, 2006

Reporter

TippingPoint and the Zero Day Initiative

Impact

Critical

Products

Firefox, Mozilla Suite, SeaMonkey, Thunderbird

Fixed in

Firefox 1.0.8
Firefox 1.5
Mozilla Suite 1.7.13
SeaMonkey 1
Thunderbird 1.0.8
Thunderbird 1.5

Description

A particular sequence of HTML tags that reliably crash Mozilla clients was reported by an anonymous researcher via TippingPoint and the Zero Day Initiative. The crash is due to memory corruption that can be exploited to run arbitary code.

Mozilla mail clients will crash on the tag sequence, but without the ability to run scripts to fill memory with the attack code it may not be possible for an attacker to exploit this crash.

Workaround

Upgrade to a fixed version.

References

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Mozilla Firefox Tag Order Vulnerability

Mozilla Firefox Tag Order Vulnerability

Description

Workaround

References

Vulmon Search

About

Products

Connect