Mozilla Foundation Security Advisory 2006-69

CSS cursor image buffer overflow (Windows only)

Announced

December 19, 2006

Reporter

Frederik Reiss

Impact

Critical

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 1.5.0.9
Firefox 2.0.0.1
SeaMonkey 1.0.7
Thunderbird 1.5.0.9

Description

Frederik Reiss reported a crash when using the CSS cursor property to set the cursor to certain images on Windows. A miscalculated size during conversion of the image to a Windows bitmap can result in a heap buffer overflow which could be used to compromise the victim's computer.

This flaw affects both Firefox 2 and Firefox 1.5 but not the earlier Firefox 1.0 or Mozilla Suite

Workaround

Upgrade to a fixed version.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=353553
CVE-2006-6500

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice