SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#609956

Mozilla products vulnerable to memory corruption in the JavaScript engine

Overview

A vulnerability in the Mozilla JavaScript engine may allow execution of arbitrary code or denial of service.

I. Description

The Mozilla JavaScript engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear. According to Mozilla Foundation Security Advisory 2007-12:

    Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Information about the individual bug reports addressed in this update can be found in Mozilla Foundation Security Advisory 2007-12.

II. Impact

Potential consequences include remote execution of arbitrary code and denial of service.

III. Solution

Upgrade

These vulnerabilities are addressed in Firefox 2.0.0.4, Firefox 1.5.0.12, Thunderbird 2.0.0.4, Thunderbird 1.5.0.12, SeaMonkey 1.0.9, SeaMonkey 1.1.2.

Users that are unable to update should consider the following workaround:

Disable JavaScript

For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.

Systems Affected

VendorStatusDate Updated
MozillaVulnerable31-May-2007

References


http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
https://bugzilla.mozilla.org/show_bug.cgi?id=351102
https://bugzilla.mozilla.org/show_bug.cgi?id=369666
https://bugzilla.mozilla.org/show_bug.cgi?id=367561
https://bugzilla.mozilla.org/show_bug.cgi?id=370101
https://bugzilla.mozilla.org/show_bug.cgi?id=370488
https://bugzilla.mozilla.org/show_bug.cgi?id=375183
https://bugzilla.mozilla.org/show_bug.cgi?id=367630
https://bugzilla.mozilla.org/show_bug.cgi?id=375711
https://bugzilla.mozilla.org/show_bug.cgi?id=367121
https://bugzilla.mozilla.org/show_bug.cgi?id=369714
http://secunia.com/advisories/25489/

Credit

These vulnerabilities were reported in Mozilla Foundation Security Advisory 2007-12. Mozilla credits Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant with reporting these issues.

This document was written by Chris Taschner.

Other Information

Date Public05/31/2007
Date First Published05/31/2007 02:04:08 PM
Date Last Updated06/20/2007
CERT Advisory 
CVE NameCVE-2007-2868
US-CERT Technical Alerts 
Metric8.19
Document Revision35

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader