First published: Wed Sep 24 2008(Updated: )
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <2.0.0.17 | |
Mozilla Firefox | >=3.0<3.0.2 | |
Mozilla SeaMonkey | <1.1.12 | |
Mozilla Thunderbird | <2.0.0.17 | |
Debian Debian Linux | =4.0 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =7.04 | |
Canonical Ubuntu Linux | =7.10 | |
Canonical Ubuntu Linux | =8.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.