Security researchers have discovered a “highly critical” security hole in
the Netscape and Mozilla browsers that puts users at risk of computer
According to an advisory from iDefense, the vulnerability is caused by an integer
overflow within the SOAPParameter object’s constructor.
SOAPParameter objects handle support for SOAP
XML-based messaging protocol that defines rules for structuring messages.
“Successful exploitation allows the remote attacker to execute arbitrary
code in the context of the user running the browser,” iDefense warned.
The company warned that the flaw can be exploited via specially created
include Mozilla 1.6; and Netscape versions 7.0 and 7.1.
The open-source Mozilla Foundation has released an update to fix the
“Netscape have not released any information indicating they are intending
future versions of the Netscape browser, and no longer have any developers
working on this project,” iDefense said.
as a workaround.