DescriptionMozilla Firefox before 184.108.40.206 and 3.x before 3.0.1, Thunderbird before 220.127.116.11, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Timeline for this CVECVE page created: Tue Jul 9 16:01:29 2013
CVE page last modified: Fri Oct 7 12:45:41 2022