
Daniel De Wildt

#49264 of 53,633
5 Total CVSS
Vulnerabilities · 1
PT-2005-1335
5.0
2005-02-28
Mozilla · Thunderbird · CVE-2005-0255
**Name of the Vulnerable Software and Affected Versions**

- Mozilla versions 1.7.3
- Firefox version 1.0
- Thunderbird versions prior to 1.0.2

**Description**

The issue is related to string handling functions, such as the `nsTSubstring_CharT::Replace` function, which do not properly check the return values of other functions that resize the string. This allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, leading to heap corruption.

**Recommendations**

- For Mozilla version 1.7.3, update to a version that includes the fix for this issue.
- For Firefox version 1.0, update to a version that includes the fix for this issue.
- For Thunderbird versions prior to 1.0.2, update to version 1.0.2 or later.