Vulnerability Note VU#390480

Mozilla products vulnerable to memory corruption

Original Release date: 08 Nov 2006 | Last revised: 21 Dec 2006

Overview

A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code.

Description

The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird email client is also a Mozilla product.

An unspecified vulnerability exists in the way Mozilla products process JavaScript. For more information refer to Mozilla Foundation Security Advisory 2006-67.

Note that other Mozilla-based applications may also be affected.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

Solution

Upgrade
See Mozilla Foundation Security Advisory 2006-67 for information about affected clients.


Disable Javascript

Disabling JavaScript may mitigate the impact of this vulnerability. See the Securing Your Web Browser document for more information.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
MozillaAffected-08 Nov 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to the Mozilla Foundation for information about this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2006-5748
  • Date Public: 08 Nov 2006
  • Date First Published: 08 Nov 2006
  • Date Last Updated: 21 Dec 2006
  • Severity Metric: 0.45
  • Document Revision: 28

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.