Vulnerability Note VU#876420

Mozilla fails to properly handle garbage collection

According to Mozilla:

Garbage collection is generally used to refer to algorithms that (1) determine which objects are still needed by starting from a set of roots and finding all objects reachable from those objects and (2) returning all remaining objects to the heap. The roots include things like global variables and variables on the current call stack. Mozilla's JavaScript engine uses one of the most common garbage collection algorithms, mark and sweep, in which the garbage collector clears the mark bit on each object, sets the mark bits on all roots and all objects reachable from them, and then finalizes all objects not marked and returns the memory they used to the heap.

This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3 according to the Mozilla Foundation Security Update 2006-50.

Disable JavaScript

This vulnerability can be mitigated by disabling JavaScript.

Systems Affected

http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
https://bugzilla.mozilla.org/show_bug.cgi?id=324117
https://bugzilla.mozilla.org/show_bug.cgi?id=325425
https://bugzilla.mozilla.org/show_bug.cgi?id=339785
https://bugzilla.mozilla.org/show_bug.cgi?id=340129
https://bugzilla.mozilla.org/show_bug.cgi?id=341877
https://bugzilla.mozilla.org/show_bug.cgi?id=341956
https://bugzilla.mozilla.org/show_bug.cgi?id=338804
http://secunia.com/advisories/19873/
http://secunia.com/advisories/21216/
http://secunia.com/advisories/21229/
http://secunia.com/advisories/21228/
https://issues.rpath.com/browse/RPL-537
http://www.securityfocus.com/bid/19181

Credit

This vulnerability was reported by the Mozilla Foundation, who in turn credit Igor Bukanov and shutdown.

This document was written by Will Dormann.

Other Information

If you have feedback, comments, or additional information about this vulnerability, please send us email.