CVE-2005-0255

Publication date 2 May 2005

Last updated 17 July 2025

Ubuntu priority

String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mozilla	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Not affected
mozilla-thunderbird	7.10 gutsy	Not in release
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

References

Related Ubuntu Security Notices (USN)

USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities
28 July 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0255