149898 – CAN-2005-0255 Memory overwrite in string library

Bug 149898 - CAN-2005-0255 Memory overwrite in string library

Summary: CAN-2005-0255 Memory overwrite in string library

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mozilla
Sub Component:
Version:	3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	urgent
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:	public=20050228,impact=critical
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-02-28 17:49 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-04-28 20:35:01 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2005-02-28 17:49:49 UTC

+++ This bug was initially created as a clone of Bug #149876 +++

Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that
could overwrite memory at a fixed location if reallocation fails during string
growth. This could theoretically lead to arbitrary code execution.

http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities&flashstatus=true

Comment 1 Josh Bressers 2005-02-28 17:50:23 UTC

This issue should also affect FC2.

Comment 2 Christopher Aillon 2005-04-28 20:35:01 UTC

Fixed in latest mozilla release version.

Note You need to log in before you can comment on or make changes to this bug.