Denial of Service in Mozilla Firefox and Thunderbird due to CSS Vulnerability
CVE-2006-1739

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird; Seamonkey; Mozilla Suite
Vendor: CVE Published:; 14 April 2006

Summary

Mozilla Firefox and Thunderbird versions prior to specified updates are vulnerable to a denial of service attack due to a flaw in the handling of Cascading Style Sheets (CSS). The issue arises from faulty border-rendering code that allows remote attackers to induce an out-of-bounds array write, potentially leading to a buffer overflow. This vulnerability could result in application crashes and may allow attackers to execute arbitrary code, compromising user systems.

References

http://www.kb.cert.org/vuls/id/935556

third-party-advisoryx_refsource_CERT-VN

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006