Info

Last Modified

6 months ago

Percent Complete

100%

Disclosure

Feb 23, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A memory corruption flaw exists in multiple Mozilla products. This issue is due to a error in the Javascript engine. With a malformed Javascript applet, an attacker can cause a denial of service and possibly arbitrary code exection resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to Firefox 2.0.0.2 or 1.5.0.10, Thunderbird 1.5.0.10, SeaMonkey 1.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Firefox	1.0
		1.0.x
		1.5.0.1
		1.5.0.2
		1.5.0.3
		1.5.0.4
		1.5.0.5
		1.5.0.6
		1.5.0.7
		1.5.0.8
		1.5.0.9
		1.5
		2.0
		2.0.0.1
	Thunderbird	0.x
		1.0.2
		1.0.5
		1.0.6
		1.0.7
		1.0.8
		1.5
		1.5.0.2
		1.5.0.4
		1.5.0.5
		1.5.0.7
		1.5.0.8
		1.5.0.9
	SeaMonkey	1.0
		1.0.1
		1.0.2
		1.0.3
		1.0.4
		1.0.5
		1.0.6
		1.0.7

References

Tools & Filters

Nessus	24701 24707 24708 24735 24748 24753 24771 24774 24778 24800 24867 25000 25318 27129 28021 28022 28025

Credit

Brian Crowder -
Igor Bukanov -
Johnny Stenback -
moz_bug_r_a4 - -
shutdown -

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Firefox

Thunderbird

SeaMonkey

References

Tools & Filters

Credit

Blogs

Comments