Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0112 https://rhn.redhat.com/errata/RHSA-2010-0112.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 3 Via RHSA-2010:0113 https://rhn.redhat.com/errata/RHSA-2010-0113.html
firefox-3.5.8-1.fc12,xulrunner-1.9.1.8-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/firefox-3.5.8-1.fc12,xulrunner-1.9.1.8-1.fc12
gnome-python2-extras-2.25.3-16.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.11,blam-1.8.5-22.fc12,gnome-web-photo-0.9-5.fc12,mozvoikko-1.0-8.fc12,firefox-3.5.8-1.fc12,xulrunner-1.9.1.8-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/gnome-python2-extras-2.25.3-16.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.11,blam-1.8.5-22.fc12,gnome-web-photo-0.9-5.fc12,mozvoikko-1.0-8.fc12,firefox-3.5.8-1.fc12,xulrunner-1.9.1.8-1.fc12
galeon-2.0.7-20.fc12,gnome-python2-extras-2.25.3-16.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.11,blam-1.8.5-22.fc12,gnome-web-photo-0.9-5.fc12,mozvoikko-1.0-8.fc12,firefox-3.5.8-1.fc12,xulrunner-1.9.1.8-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/galeon-2.0.7-20.fc12,gnome-python2-extras-2.25.3-16.fc12,perl-Gtk2-MozEmbed-0.08-6.fc12.11,blam-1.8.5-22.fc12,gnome-web-photo-0.9-5.fc12,mozvoikko-1.0-8.fc12,firefox-3.5.8-1.fc12,xulrunner-1.9.1.8-1.fc12
chmsee-1.0.1-15.fc11,epiphany-2.26.3-8.fc11,blam-1.8.5-18.fc11,pcmanx-gtk2-0.3.9-2.20100210svn.fc11,galeon-2.0.7-20.fc11,hulahop-0.4.9-12.fc11,eclipse-3.4.2-20.fc11,evolution-rss-0.1.4-10.fc11,gnome-web-photo-0.7-10.fc11,gnome-python2-extras-2.25.3-11.fc11,monodevelop-2.0-9.fc11,Miro-2.5.4-2.fc11,kazehakase-0.5.8-5.fc11,mozvoikko-0.9.7-0.11.rc1.fc11,google-gadgets-0.11.1-5.fc11,perl-Gtk2-MozEmbed-0.08-6.fc11.9,ruby-gnome2-0.19.3-6.fc11,yelp-2.26.0-11.fc11,epiphany-extensions-2.26.1-10.fc11,firefox-3.5.8-1.fc11,xulrunner-1.9.1.8-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/chmsee-1.0.1-15.fc11,epiphany-2.26.3-8.fc11,blam-1.8.5-18.fc11,pcmanx-gtk2-0.3.9-2.20100210svn.fc11,galeon-2.0.7-20.fc11,hulahop-0.4.9-12.fc11,eclipse-3.4.2-20.fc11,evolution-rss-0.1.4-10.fc11,gnome-web-photo-0.7-10.fc11,gnome-python2-extras-2.25.3-11.fc11,monodevelop-2.0-9.fc11,Miro-2.5.4-2.fc11,kazehakase-0.5.8-5.fc11,mozvoikko-0.9.7-0.11.rc1.fc11,google-gadgets-0.11.1-5.fc11,perl-Gtk2-MozEmbed-0.08-6.fc11.9,ruby-gnome2-0.19.3-6.fc11,yelp-2.26.0-11.fc11,epiphany-extensions-2.26.1-10.fc11,firefox-3.5.8-1.fc11,xulrunner-1.9.1.8-1.fc11
seamonkey-2.0.3-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
firefox-3.5.8-1.fc11, xulrunner-1.9.1.8-1.fc11, chmsee-1.0.1-15.fc11, epiphany-2.26.3-8.fc11, blam-1.8.5-18.fc11, pcmanx-gtk2-0.3.9-2.20100210svn.fc11, galeon-2.0.7-20.fc11, hulahop-0.4.9-12.fc11, eclipse-3.4.2-20.fc11, evolution-rss-0.1.4-10.fc11, gnome-web-photo-0.7-10.fc11, gnome-python2-extras-2.25.3-11.fc11, monodevelop-2.0-9.fc11, Miro-2.5.4-2.fc11, kazehakase-0.5.8-5.fc11, mozvoikko-0.9.7-0.11.rc1.fc11, google-gadgets-0.11.1-5.fc11, perl-Gtk2-MozEmbed-0.08-6.fc11.9, ruby-gnome2-0.19.3-6.fc11, yelp-2.26.0-11.fc11, epiphany-extensions-2.26.1-10.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
firefox-3.5.8-1.fc12, xulrunner-1.9.1.8-1.fc12, gnome-python2-extras-2.25.3-16.fc12, perl-Gtk2-MozEmbed-0.08-6.fc12.11, blam-1.8.5-22.fc12, gnome-web-photo-0.9-5.fc12, mozvoikko-1.0-8.fc12, galeon-2.0.7-20.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
Is Thunderbird 3.0.1 vulnerable to this? The bug page at Mozilla says Thunderbird 3.0.2 is needed to fix it: http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
thunderbird-3.0.2-1.fc12,sunbird-1.0-0.19.20090916hg.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/thunderbird-3.0.2-1.fc12,sunbird-1.0-0.19.20090916hg.fc12
thunderbird-3.0.2-1.fc11,sunbird-1.0-0.14.20090715hg.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/thunderbird-3.0.2-1.fc11,sunbird-1.0-0.14.20090715hg.fc11
thunderbird-3.0.2-1.fc12, sunbird-1.0-0.19.20090916hg.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-3.0.2-1.fc11, sunbird-1.0-0.14.20090715hg.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0153 https://rhn.redhat.com/errata/RHSA-2010-0153.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0154 https://rhn.redhat.com/errata/RHSA-2010-0154.html