Integer Overflow Vulnerability in Mozilla Firefox and Thunderbird
CVE-2006-1730

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird; Seamonkey; Mozilla Suite
Vendor: CVE Published:; 14 April 2006

Summary

An integer overflow vulnerability exists in Mozilla Firefox and Thunderbird that can be exploited by remote attackers to execute arbitrary code. The flaw arises from mismanagement of a large number within the CSS letter-spacing property, resulting in a heap-based buffer overflow. This vulnerability affects multiple versions of Mozilla products, highlighting the need for users to update their software promptly to mitigate the risk of exploitation.

References

http://www.mozilla.org/security/announce/2006/mfsa2006-22...

x_refsource_CONFIRM

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.vupen.com/english/advisories/2006/3748

vdb-entryx_refsource_VUPEN

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006