Mozilla · Firefox · CVE-2006-2778
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 1.5.0.4
Mozilla Thunderbird versions prior to 1.5.0.4
**Description**
The issue allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments. This is caused by an invalid array index that triggers a buffer overflow in the `crypto.signText` function.
**Recommendations**
For Mozilla Firefox versions prior to 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue.
For Mozilla Thunderbird versions prior to 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue.