CVE-2010-0166

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.6.2

Description The issue is related to the gfxTextRun::SanitizeGlyphRuns function in the browser engine, specifically when the Core Text API is used on Mac OS X. It does not properly handle certain deletions, which can be exploited by remote attackers using an HTML document containing invisible Unicode characters, such as U+FEFF, U+FFF9, U+FFFA, and U+FFFB. This can lead to a denial of service due to memory corruption and application crash, and potentially allow the execution of arbitrary code.

Recommendations For Mozilla Firefox versions prior to 3.6.2, update to version 3.6.2 or later to resolve the issue.