Security Hero Rotating Header Image

Mozilla Products Graphic Rendering Memory Corruption Vulnerability

Mozilla Products Graphic Rendering Memory Corruption Vulnerability


A memory corruption vulnerability exists in various Mozilla products, allowing a remote attacker to compromise targeted systems upon viewing malicious HTML document.


Full compromise of the targeted system.


  • Critical

Affected Software:

  • Firefox version older than 3.0.2
  • Firefox version older than
  • Thunderbird version older than
  • SeaMonkey version older than 1.1.12

Additional Information:

The vulnerability lies in common graphics routines rendering, and is caused by insufficient checking of long strings when displaying them. There are two main attack scenarios:

1) A malicious html page could be hosted on a rogue or hacked web server, targeting users who browse the page in Firefox or Seamonkey.
2) A malicious html formatted e-mail could be mailed (or mass-mailed), targeting recipients who open the e-mail in Thunderbird or Seamonkey.


  • Upgrade to latest version available from
  • Disable JavaScript until a version containing the fix is installed.



  • David Maciejak of Fortinet’s FortiGuard Global Security Research Team


Leave a Reply

Your email address will not be published. Required fields are marked *