The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities. A remote user who creates a web page that a local user visits with the Mozilla browser, or who sends a specially crafted email that a local user reads with Mozilla, may be able to either crash the Mozilla application or execute arbitrary code with the privileges of the user running Mozilla. Causing the Mozilla application to crash is a type of Denial of Service (DoS).
The following Mozilla advisory describes four separate memory corruption issues:
This Sun Alert corresponds to two of the issues described in the Mozilla advisory above:
Also note that Mozilla 1.7 is not affected by the following two vulnerabilities mentioned in the advisory:
Additional references that describe these issues can be found in the following documents:
CVE-2006-5464 at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5464
CERT VU#495288 at http://www.kb.cert.org/vuls/id/495288
CERT Security Alert TA06-312A at http://www.us-cert.gov/cas/techalerts/TA06-312A.html