Red Hat Bugzilla – Bug 149877
CAN-2005-0255 Memory overwrite in string library
Last modified: 2007-11-30 17:11:00 EST
+++ This bug was initially created as a clone of Bug #149876 +++
Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that
could overwrite memory at a fixed location if reallocation fails during string
growth. This could theoretically lead to arbitrary code execution.
Fixed in latest release of firefox