Red Hat Bugzilla – Bug 149896
CAN-2005-0255 Memory overwrite in string library
Last modified: 2007-11-30 17:07:16 EST
+++ This bug was initially created as a clone of Bug #149876 +++
Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that
could overwrite memory at a fixed location if reallocation fails during string
growth. This could theoretically lead to arbitrary code execution.
This issue was fixed in RHSA-2005:277.
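
The bug class described above (string growth that does not handle a failed reallocation), shown as an added C example beside a hardened form. This is a generic illustration, not Mozilla's string code and not part of the original report; the `gstr` type, the `realloc_fn` hook and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string for illustration; not Mozilla's classes. */
typedef struct { char *data; size_t len; size_t cap; } gstr;

/* Allocator hook so a caller can force reallocation to fail. */
typedef void *(*realloc_fn)(void *, size_t);
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Flawed pattern, shown for contrast: the reallocation result is stored
 * and used without a check. On failure data becomes NULL, the old buffer
 * is leaked, and memcpy writes to address NULL + len. */
int gstr_append_unchecked(gstr *s, const char *src, size_t n, realloc_fn ra)
{
    if (s->len + n + 1 > s->cap) {
        s->cap  = s->len + n + 1;
        s->data = ra(s->data, s->cap);   /* may be NULL */
    }
    memcpy(s->data + s->len, src, n);    /* write through unchecked pointer */
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

/* Hardened form: reject size wrap-around, reallocate into a temporary,
 * and commit data/cap/len only after the allocation succeeded. */
int gstr_append(gstr *s, const char *src, size_t n, realloc_fn ra)
{
    if (n >= SIZE_MAX - s->len)
        return -1;                       /* len + n + 1 would wrap */
    size_t need = s->len + n + 1;
    if (need > s->cap) {
        size_t cap = s->cap > SIZE_MAX / 2 ? need : s->cap * 2;
        if (cap < need) cap = need;
        char *tmp = ra(s->data, cap);
        if (tmp == NULL)
            return -1;                   /* string left exactly as it was */
        s->data = tmp;
        s->cap  = cap;
    }
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}
```

Passing `failing_realloc` to `gstr_append` exercises the failure path: the call returns -1 and the string keeps its previous buffer, length and capacity.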