String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.

在Mozilla 1.7.3、Firefox 1.0 和 thunderbird 1.0.2 之前，例如 nsTSubstring_CharT::Replace 函数，字符串处理函数未能正确检查其他 resize 字符串 函数的返回值，这允许远程攻击者通过强制一个内存不足的状态，导致内存分配失败，并返回一个固定地址的指针，这会导致堆损坏。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）