Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-06-19T21:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2008-06-19T00:00:00
Link: CVE-2008-2785
JSON object: View
NVD Information
Status : Modified
Published: 2008-06-19T21:41:00.000
Modified: 2018-10-11T20:42:54.587
Link: CVE-2008-2785
JSON object: View
Redhat Information
No data.
CWE