|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#876420
Mozilla fails to properly handle garbage collection
OverviewThe Mozilla JavaScript engine fails to properly perform garbage collection, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
I. DescriptionGarbage collection
According to Mozilla:
Garbage collection is generally used to refer to algorithms that (1) determine which objects are still needed by starting from a set of roots and finding all objects reachable from those objects and (2) returning all remaining objects to the heap. The roots include things like global variables and variables on the current call stack. Mozilla's JavaScript engine uses one of the most common garbage collection algorithms, mark and sweep, in which the garbage collector clears the mark bit on each object, sets the mark bits on all roots and all objects reachable from them, and then finalizes all objects not marked and returns the memory they used to the heap.
The problem
In some situations, garbage collection could delete an object that was in active use.
II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash.
III. SolutionApply an update
This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3 according to the Mozilla Foundation Security Update 2006-50.
Disable JavaScript
This vulnerability can be mitigated by disabling JavaScript.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| Mozilla, Inc. | Vulnerable | 27-Jul-2006 |
References
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
https://bugzilla.mozilla.org/show_bug.cgi?id=324117
https://bugzilla.mozilla.org/show_bug.cgi?id=325425
https://bugzilla.mozilla.org/show_bug.cgi?id=339785
https://bugzilla.mozilla.org/show_bug.cgi?id=340129
https://bugzilla.mozilla.org/show_bug.cgi?id=341877
https://bugzilla.mozilla.org/show_bug.cgi?id=341956
https://bugzilla.mozilla.org/show_bug.cgi?id=338804
http://secunia.com/advisories/19873/
http://secunia.com/advisories/21216/
http://secunia.com/advisories/21229/
http://secunia.com/advisories/21228/
https://issues.rpath.com/browse/RPL-537
http://www.securityfocus.com/bid/19181
Credit
This vulnerability was reported by the Mozilla Foundation, who in turn credit Igor Bukanov and shutdown.
This document was written by Will Dormann.
Other Information
| Date Public: | 2006-07-25 |
| Date First Published: | 2006-07-27 |
| Date Last Updated: | 2007-02-09 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-3805 |
| NVD-ID(s): | CVE-2006-3805 |
| US-CERT Technical Alerts: | |
| Metric: | 6.71 |
| Document Revision: | 7 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|