Info

Disclosure

Feb 23, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A memory corruption flaw exists in multiple Mozilla products. This issue is due to a error in the Javascript engine. With a malformed Javascript applet, an attacker can cause a denial of service and possibly arbitrary code exection resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to Firefox 2.0.0.2 or 1.5.0.10, Thunderbird 1.5.0.10, SeaMonkey 1.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	SeaMonkey	1.0
		1.0.1
		1.0.2
		1.0.3
		1.0.4
		1.0.5
		1.0.6
		1.0.7
	Thunderbird	0.x
		1.0.2
		1.0.5
		1.0.6
		1.0.7
		1.0.8
		1.5
		1.5.0.2
		1.5.0.4
		1.5.0.5
		1.5.0.7
		1.5.0.8
		1.5.0.9
	Firefox	1.0.x
		1.0
		1.5.0.1
		1.5.0.2
		1.5.0.3
		1.5.0.4
		1.5.0.5
		1.5.0.6
		1.5.0.7
		1.5.0.8
		1.5.0.9
		1.5
		2.0
		2.0.0.1

References

Credit

Brian Crowder -
Igor Bukanov -
Johnny Stenback -
moz_bug_r_a4 - -
shutdown -

Direct URL: http://osvdb.org/32115

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

SeaMonkey

Thunderbird

Firefox

References

Credit