Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer.
This issue is now public: http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 3 Via RHSA-2010:0499 https://rhn.redhat.com/errata/RHSA-2010-0499.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0500 https://rhn.redhat.com/errata/RHSA-2010-0500.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0501 https://rhn.redhat.com/errata/RHSA-2010-0501.html
seamonkey-2.0.5-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/seamonkey-2.0.5-1.fc12
seamonkey-2.0.5-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/seamonkey-2.0.5-1.fc13
xulrunner-1.9.2.4-1.fc13,firefox-3.6.4-1.fc13,mozvoikko-1.0-11.fc13,gnome-web-photo-0.9-9.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.14,gnome-python2-extras-2.25.3-19.fc13,galeon-2.0.7-29.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/xulrunner-1.9.2.4-1.fc13,firefox-3.6.4-1.fc13,mozvoikko-1.0-11.fc13,gnome-web-photo-0.9-9.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.14,gnome-python2-extras-2.25.3-19.fc13,galeon-2.0.7-29.fc13
firefox-3.5.10-1.fc12,xulrunner-1.9.1.10-1.fc12,mozvoikko-1.0-10.fc12,gnome-web-photo-0.9-7.fc12,gnome-python2-extras-2.25.3-18.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.13,galeon-2.0.7-23.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/firefox-3.5.10-1.fc12,xulrunner-1.9.1.10-1.fc12,mozvoikko-1.0-10.fc12,gnome-web-photo-0.9-7.fc12,gnome-python2-extras-2.25.3-18.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.13,galeon-2.0.7-23.fc12
seamonkey-2.0.5-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.1.10-1.fc12, mozvoikko-1.0-10.fc12, gnome-web-photo-0.9-7.fc12, gnome-python2-extras-2.25.3-18.fc12, perl-Gtk2-MozEmbed-0.08-6.fc12.13, galeon-2.0.7-23.fc12, firefox-3.5.10-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.2.4-1.fc13, firefox-3.6.4-1.fc13, mozvoikko-1.0-11.fc13, gnome-web-photo-0.9-9.fc13, perl-Gtk2-MozEmbed-0.08-6.fc13.14, gnome-python2-extras-2.25.3-19.fc13, galeon-2.0.7-29.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-2.0.5-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0545 https://rhn.redhat.com/errata/RHSA-2010-0545.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0544 https://rhn.redhat.com/errata/RHSA-2010-0544.html
thunderbird-3.0.6-1.fc12, sunbird-1.0-0.23.20090916hg.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.