Mozilla Firefox/Thunderbird/SeaMonkey HTML Frameset Tag Interger Overflow Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a remote integer-overflow vulnerability that may allow remote code execution.

An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is fixed in:

Firefox 4.0.1
Firefox 3.6.17
Firefox 3.5.19
Thunderbird 3.1.10
SeaMonkey 2.0.14

NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.


 

Privacy Statement
Copyright 2010, SecurityFocus