SECURITYVULNS:DOC:17139
Jun 01, 2007

Mozilla Foundation Security Advisory 2007-12

Title: Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)
Impact: Critical
Announced: May 30, 2007
Reporter: Mozilla developers and community
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 2.0.0.4
Firefox 1.5.0.12
Thunderbird 2.0.0.4
Thunderbird 1.5.0.12
SeaMonkey 1.0.9
SeaMonkey 1.1.2
Description
As part of the Firefox 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images.
Workaround
Upgrade to the fixed versions. Do not enable JavaScript in Thunderbird or the mail portions of SeaMonkey.
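The two workaround items above reduce to two checks an administrator can script: is the installed build older than the fixed release for its own branch (1.5.x is fixed at 1.5.0.12, 2.0.x at 2.0.0.4, so a plain string or float comparison across branches gives wrong answers), and is JavaScript switched on for mail in Thunderbird. The following Python is an added example, not code from Mozilla or from the advisory; the fixed-version table is taken from the "Fixed in" list above, the prefs.js line format is the standard `user_pref("name", value);` form, and the preference name `javascript.allow.mailnews` is an assumption about which pref controls JavaScript in mail, so verify it against your own Thunderbird profile before relying on it. The sample prefs.js content is constructed.

```python
import re

# Fixed releases from the advisory, keyed by (product, major.minor branch).
FIXED_VERSIONS = {
    ("firefox", "2.0"): "2.0.0.4",
    ("firefox", "1.5"): "1.5.0.12",
    ("thunderbird", "2.0"): "2.0.0.4",
    ("thunderbird", "1.5"): "1.5.0.12",
    ("seamonkey", "1.0"): "1.0.9",
    ("seamonkey", "1.1"): "1.1.2",
}

# Assumed preference name for enabling JavaScript in mail (not stated in the advisory).
MAIL_JS_PREF = "javascript.allow.mailnews"

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)([a-z]\w*)?")
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false|-?\d+|"[^"]*")\);')


def parse_version(version):
    """Turn '2.0.0.4' into a comparable tuple.

    Components are padded to four numbers so '1.0.9' and '1.0.9.0' compare as equal,
    and a trailing suffix such as 'pre', 'a1' or 'rc1' sorts before the bare number
    (2.0.0.4pre is an older build than 2.0.0.4).
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if m is None:
        raise ValueError("unrecognised version string: %r" % version)
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))
    return nums + ((0,) if m.group(2) else (1,))


def is_vulnerable(product, version):
    """Return (vulnerable, reason).

    vulnerable is True below the branch's fixed release, False at or above it, and
    None when the branch is not covered by this advisory (e.g. a 3.0 alpha), which
    callers should treat as "needs manual review" rather than "safe".
    """
    nums = parse_version(version)
    key = (product.lower(), "%d.%d" % (nums[0], nums[1]))
    if key not in FIXED_VERSIONS:
        return None, "branch %s of %s not listed in MFSA 2007-12" % (key[1], product)
    fixed = FIXED_VERSIONS[key]
    if nums < parse_version(fixed):
        return True, "%s %s is below fixed release %s" % (product, version, fixed)
    return False, "%s %s is at or above fixed release %s" % (product, version, fixed)


def javascript_in_mail_enabled(prefs_text):
    """Scan prefs.js text; the last assignment to MAIL_JS_PREF wins, default is off."""
    enabled = False
    for line in prefs_text.splitlines():
        m = _PREF_RE.match(line)
        if m and m.group(1) == MAIL_JS_PREF:
            enabled = m.group(2) == "true"
    return enabled


# Constructed sample prefs.js content for demonstration.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("javascript.allow.mailnews", true);
"""

if __name__ == "__main__":
    for product, version in [("Firefox", "2.0.0.3"), ("Firefox", "1.5.0.12"),
                             ("SeaMonkey", "1.0.8"), ("Thunderbird", "2.0.0.4pre")]:
        print(is_vulnerable(product, version))
    print("JavaScript in mail enabled:", javascript_in_mail_enabled(SAMPLE_PREFS))
```

The branch lookup is the part worth keeping: Firefox 1.5.0.12 is a patched build even though it is numerically far below 2.0.0.4, and a naive comparison would flag it as vulnerable while missing that 2.0.0.3 is not patched.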
References
Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay reported crashes in the layout engine.

CVE-2007-2867
https://bugzilla.mozilla.org/show_bug.cgi?id=377216
https://bugzilla.mozilla.org/show_bug.cgi?id=370360
https://bugzilla.mozilla.org/show_bug.cgi?id=372285
https://bugzilla.mozilla.org/show_bug.cgi?id=306902
https://bugzilla.mozilla.org/show_bug.cgi?id=348492
https://bugzilla.mozilla.org/show_bug.cgi?id=369150
https://bugzilla.mozilla.org/show_bug.cgi?id=369249
https://bugzilla.mozilla.org/show_bug.cgi?id=372237
https://bugzilla.mozilla.org/show_bug.cgi?id=372376
https://bugzilla.mozilla.org/show_bug.cgi?id=376223
https://bugzilla.mozilla.org/show_bug.cgi?id=336574
https://bugzilla.mozilla.org/show_bug.cgi?id=336744
https://bugzilla.mozilla.org/show_bug.cgi?id=336994
https://bugzilla.mozilla.org/show_bug.cgi?id=362708
https://bugzilla.mozilla.org/show_bug.cgi?id=369542
https://bugzilla.mozilla.org/show_bug.cgi?id=371124
https://bugzilla.mozilla.org/show_bug.cgi?id=378273
https://bugzilla.mozilla.org/show_bug.cgi?id=378325
https://bugzilla.mozilla.org/show_bug.cgi?id=374584
https://bugzilla.mozilla.org/show_bug.cgi?id=375196

Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant reported potential memory corruption in the JavaScript engine.

CVE-2007-2868
https://bugzilla.mozilla.org/show_bug.cgi?id=351102
https://bugzilla.mozilla.org/show_bug.cgi?id=369666
https://bugzilla.mozilla.org/show_bug.cgi?id=367561
https://bugzilla.mozilla.org/show_bug.cgi?id=370101
https://bugzilla.mozilla.org/show_bug.cgi?id=370488
https://bugzilla.mozilla.org/show_bug.cgi?id=375183
https://bugzilla.mozilla.org/show_bug.cgi?id=367630
https://bugzilla.mozilla.org/show_bug.cgi?id=375711
https://bugzilla.mozilla.org/show_bug.cgi?id=367121
https://bugzilla.mozilla.org/show_bug.cgi?id=369714