CVE-2006-0297

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 1.5 Thunderbird versions 1.5 SeaMonkey versions prior to 1.0

Description The issue is related to multiple integer overflows that could allow remote attackers to execute arbitrary code. This is possible via the EscapeAttributeValue in jsxml.c for E4X, nsSVGCairoSurface::Init in SVG, and nsCanvasRenderingContext2D.cpp in Canvas, when Javascript is enabled in mail.

Recommendations For Mozilla Firefox version 1.5, update to a version that contains a fix for this issue. For Thunderbird version 1.5, update to a version that contains a fix for this issue. For SeaMonkey versions prior to 1.0, update to version 1.0 or later.