An integer overflow flaw was found in how Mozilla handled the frameset tag. Using large values for the rows and cols attributes could cause an integer overflow, resulting in a heap-based buffer overflow.
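The bug class described above, as an added example that is not part of the original report and is not Mozilla's code: a buffer size derived from two attacker-influenced counts wraps in 32-bit arithmetic, next to a version that rejects the request before multiplying. The names `cell_t`, `MAX_CELLS`, `grid_bytes_unchecked`, `grid_bytes_checked` and `grid_alloc` are hypothetical, and the cap value is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-cell record (16 bytes); not a Mozilla type. */
typedef struct { int32_t x, y, w, h; } cell_t;

/* Assumed policy cap on rows * cols; pick one that suits the application. */
#define MAX_CELLS 100000u

/* Flawed pattern: the byte count is computed in 32 bits and wraps modulo
 * 2^32, so the result can be far smaller than the grid really needs. */
uint32_t grid_bytes_unchecked(uint32_t rows, uint32_t cols) {
    return rows * cols * (uint32_t)sizeof(cell_t);
}

/* Hardened pattern: reject before multiplying. Returns the byte count,
 * or 0 when the request is empty, over the cap, or would overflow. */
size_t grid_bytes_checked(uint32_t rows, uint32_t cols) {
    if (rows == 0 || cols == 0) return 0;
    if (rows > MAX_CELLS / cols) return 0;      /* rows * cols > MAX_CELLS */
    size_t cells = (size_t)rows * cols;         /* cannot wrap: <= MAX_CELLS */
    if (cells > SIZE_MAX / sizeof(cell_t)) return 0;
    return cells * sizeof(cell_t);
}

/* Allocate a zeroed grid only when the size computation was accepted. */
cell_t *grid_alloc(uint32_t rows, uint32_t cols) {
    size_t bytes = grid_bytes_checked(rows, cols);
    return bytes ? calloc(1, bytes) : NULL;
}

int main(void) {
    /* Constructed inputs: 0x10000 * 0x1001 cells need about 4 GiB. */
    uint32_t rows = 0x10000u, cols = 0x1001u;
    printf("unchecked: %u bytes\n", (unsigned)grid_bytes_unchecked(rows, cols));
    printf("checked:   %zu bytes\n", grid_bytes_checked(rows, cols));
    cell_t *g = grid_alloc(10, 20);
    printf("10x20 grid: %s\n", g ? "allocated" : "rejected");
    free(g);
    return 0;
}
```

With the constructed inputs the unchecked computation yields 1 MiB for a grid that needs about 4 GiB, which is the mismatch that turns a later per-cell write loop into a heap overflow.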
This is public via: http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, via RHSA-2011:0473 https://rhn.redhat.com/errata/RHSA-2011-0473.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, via RHSA-2011:0475 https://rhn.redhat.com/errata/RHSA-2011-0475.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, via RHSA-2011:0474 https://rhn.redhat.com/errata/RHSA-2011-0474.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 4, via RHSA-2011:0471 https://rhn.redhat.com/errata/RHSA-2011-0471.html