Red Hat Bugzilla – Bug 149898
CAN-2005-0255 Memory overwrite in string library
Last modified: 2007-11-30 17:11:01 EST
+++ This bug was initially created as a clone of Bug #149876 +++
Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that
could overwrite memory at a fixed location if reallocation fails during string
growth. This could theoretically lead to arbitrary code execution.
This issue should also affect FC2.
Fixed in latest mozilla release version.