Red Hat Bugzilla – Bug 188798
CVE-2006-1724 Crashes with evidence of memory corruption (22.214.171.124)
Last modified: 2007-11-30 17:11:30 EST
Crashes with evidence of memory corruption (126.96.36.199)
As part of the Firefox 188.8.131.52 release we fixed several crash bugs to
improve the stability of the product, with a particular focus on finding
crashes caused by DHTML. Some of these crashes showed evidence of memory
corruption that we presume could be exploited to run arbitrary code with
Note: Thunderbird shares the browser engine with Firefox and could be
the mail portion of SeaMonkey.
Also fixed in Firefox/Thunderbird 1.0.8, Mozilla Suite 1.7.13
Muck with the boxobject's internal frame pointer.
This issue also affects FC4
So was this ever fixed in FC5? FC4? With Seamonkey, maybe?
Ah. I see that this was indeed fixed on 2006-05-03, for both FC4 and FC5
(but not mentioned in the advisories.) The update to Mozilla-1.7.13 fixed
this issue along with the others mentioned.
This bug was fixed for FC4 in Fedora Update FEDORA-2006-488
This bug was fixed for FC5 in Fedora Update FEDORA-2006-487
Going ahead and closing this ERRATA.