Vulnerability Note VU#876420

Mozilla fails to properly handle garbage collection

Original Release date: 27 Jul 2006 | Last revised: 09 Feb 2007

Overview

The Mozilla JavaScript engine fails to properly perform garbage collection, which may allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Garbage collection

According to Mozilla:

    Garbage collection is generally used to refer to algorithms that (1) determine which objects are still needed by starting from a set of roots and finding all objects reachable from those objects and (2) returning all remaining objects to the heap. The roots include things like global variables and variables on the current call stack. Mozilla's JavaScript engine uses one of the most common garbage collection algorithms, mark and sweep, in which the garbage collector clears the mark bit on each object, sets the mark bits on all roots and all objects reachable from them, and then finalizes all objects not marked and returns the memory they used to the heap.

The problem

In some situations, garbage collection could delete an object that was in active use.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash.

Solution

Apply an update

This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3 according to the Mozilla Foundation Security Update 2006-50.

Disable JavaScript


This vulnerability can be mitigated by disabling JavaScript.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Mozilla, Inc.Affected-27 Jul 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by the Mozilla Foundation, who in turn credit Igor Bukanov and shutdown.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2006-3805
  • Date Public: 25 Jul 2006
  • Date First Published: 27 Jul 2006
  • Date Last Updated: 09 Feb 2007
  • Severity Metric: 6.71
  • Document Revision: 7

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.