PT-2005-1335 · Mozilla+1 · Thunderbird+3

Daniel De Wildt +1 · Published 2005-02-28 · Updated 2017-10-11 · CVE-2005-0255

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Mozilla versions 1.7.3
Firefox version 1.0
Thunderbird versions prior to 1.0.2

Description

The issue is related to string handling functions, such as the nsTSubstring_CharT::Replace function, which do not properly check the return values of other functions that resize the string. This allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, leading to heap corruption.

Recommendations

For Mozilla version 1.7.3, update to a version that includes the fix for this issue.
For Firefox version 1.0, update to a version that includes the fix for this issue.
For Thunderbird versions prior to 1.0.2, update to version 1.0.2 or later.
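
The bug class in the description, shown in its checked form as an added example: a toy C string type, not Mozilla's code. `toy_str`, `toy_resize`, `toy_replace`, `empty_sentinel` and `simulate_oom` are hypothetical names, and falling back to a fixed one-byte buffer when allocation fails is an assumed model of the "pointer to a fixed address" the description mentions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy model with hypothetical names; not Mozilla's nsTSubstring code. */
static char empty_sentinel[1] = "";  /* fixed address used when no heap buffer is owned */
static bool simulate_oom = false;    /* test hook: force the next resize to fail */

typedef struct { char *data; size_t len; } toy_str;

static void toy_init(toy_str *s) { s->data = empty_sentinel; s->len = 0; }
static void toy_free(toy_str *s) {
    if (s->data != empty_sentinel) free(s->data);
    toy_init(s);
}

/* Resize to new_len bytes plus NUL. On failure the string falls back to the
   fixed sentinel and false is returned: the caller must not write through data. */
static bool toy_resize(toy_str *s, size_t new_len) {
    char *p = simulate_oom ? NULL : calloc(new_len + 1, 1);
    if (!p) { toy_free(s); return false; }
    memcpy(p, s->data, s->len < new_len ? s->len : new_len);
    if (s->data != empty_sentinel) free(s->data);
    s->data = p; s->len = new_len;
    return true;
}

/* Replace cut bytes at start with n bytes from src. Each resize result is
   checked before any write; without the check on the grow path, the copies
   below would land in the 1-byte sentinel instead of a buffer of new_len. */
static bool toy_replace(toy_str *s, size_t start, size_t cut, const char *src, size_t n) {
    if (start > s->len) start = s->len;
    if (cut > s->len - start) cut = s->len - start;
    size_t old_len = s->len, tail = old_len - start - cut;
    if (n > SIZE_MAX - 1 - (old_len - cut)) return false;  /* length overflow */
    size_t new_len = old_len - cut + n;
    if (new_len > old_len && !toy_resize(s, new_len)) return false;
    memmove(s->data + start + n, s->data + start + cut, tail);
    memcpy(s->data + start, src, n);
    if (new_len < old_len && !toy_resize(s, new_len)) return false;
    return true;
}

int main(void) {
    toy_str s; toy_init(&s);
    bool ok = toy_replace(&s, 0, 0, "hello", 5);
    simulate_oom = true;                       /* constructed failure condition */
    bool refused = !toy_replace(&s, 5, 0, " world", 6);
    return (ok && refused && s.len == 0) ? 0 : 1;
}
```
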

Fix


Related identifiers

CVE-2005-0255
RHSA-2005:176
RHSA-2005:337
RHSA-2005_176
RHSA-2005_277
RHSA-2005_337

Affected products

Firefox
Mozilla Firefox
Red Hat
Thunderbird