Mozilla JavaScript engine vulnerable to memory corruption

Overview

The Mozilla JavaScript engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition.

Description

The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird email client is also a Mozilla product.

Multiple memory corruption vulnerabilities exist in the way Mozilla products process JavaScript. For more information refer to Mozilla Foundation Security Advisory 2007-01.

Note that other Mozilla-based applications may also be affected.

---

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or create a denial of service condition.

---

Solution

Upgrade
See Mozilla Foundation Security Advisory 2007-01 for information about affected clients.

---

Disable Javascript

Disabling JavaScript may mitigate this vulnerability. See the Securing Your Web Browser document for more information.

---

Vendor Information

269484

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Mozilla __ Affected

Updated: February 23, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://www.mozilla.org/security/announce/2007/mfsa2007-01.html&gt; for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23269484 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.mozilla.org/security/announce/2007/mfsa2007-01.html&gt;
• <http://www.mozilla.org/products/mozilla1.x/&gt;
• <http://www.mozilla.com/en-US/&gt;
• <http://www.mozilla.com/en-US/thunderbird/&gt;
• <http://www.mozilla.org/security/announce/2007/mfsa2007-01.html&gt;
• <http://www.cert.org/tech_tips/securing_browser/&gt;
• <http://secunia.com/advisories/24238/&gt;
• <http://secunia.com/advisories/24287/&gt;
• <http://secunia.com/advisories/24252/&gt;
• <http://secunia.com/advisories/24320/&gt;
• <http://secunia.com/advisories/24328/&gt;
• <http://secunia.com/advisories/24293/&gt;
• <http://secunia.com/advisories/24327/&gt;
• <http://secunia.com/advisories/24343/&gt;
• <http://secunia.com/advisories/24333/&gt;
• <http://secunia.com/advisories/24393/&gt;
• <http://secunia.com/advisories/24352/&gt;
• <http://www.ciac.org/ciac/bulletins/r-164.shtml&gt;
• <http://secunia.com/advisories/24406/&gt;
• <http://secunia.com/advisories/24432/&gt;
• <http://secunia.com/advisories/24410/&gt;
• <http://secunia.com/advisories/24389/&gt;
• <http://secunia.com/advisories/24455/&gt;
• <http://secunia.com/advisories/24456/&gt;
• <http://secunia.com/advisories/24457/&gt;

Acknowledgements

Thanks to Mozilla for information used in this report. Mozilla thanks Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown.

This document was written by Ryan Giobbi.

Other Information

CVE IDs:	CVE-2007-0777
Severity Metric:	2.65 Date Public: