Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Mozilla Thunderbird 1.5.0.1
Mozilla Thunderbird 1.5
Mozilla Thunderbird 1.5 Beta 2
Mozilla Thunderbird 1.0.7
Mozilla Thunderbird 1.0.6
Mozilla Thunderbird 1.0.5 Beta
Mozilla Thunderbird 1.0.5
Mozilla Thunderbird 1.0.4
Mozilla Thunderbird 1.0.3
Mozilla Thunderbird 1.0.2
Mozilla Thunderbird 1.0.1
Mozilla Thunderbird 1.0
Mozilla SeaMonkey 1.0 beta
Mozilla Mozilla Suite 1.7.12
Mozilla Seamonkey 1.0 Alpha (not an official CPE)
Mozilla Mozilla Suite 1.7.11
Mozilla Mozilla Suite 1.7.10
Mozilla Mozilla Suite 1.7.8
Mozilla Mozilla Suite 1.7.7
Mozilla Mozilla Suite 1.7.6
Mozilla Firefox 1.5 Beta 2
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5 Beta 1
Mozilla Firefox 1.5
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0