
CVE ID: CVE-2010-0166
Description: The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.
Test IDs: None available
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2010-0166
BugTraq ID: 38918
http://www.securityfocus.com/bid/38918
BugTraq ID: 38943
http://www.securityfocus.com/bid/38943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14182
http://www.vupen.com/english/advisories/2010/0692




© 1998-2025 E-Soft Inc. All rights reserved.