logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla Foundation Security Advisory 2006-71

Description

Mozilla Foundation Security Advisory 2006-71 Title: LiveConnect crash finalizing JS objects Impact: Critical Announced: December 19, 2006 Reporter: Steven Michaud Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description Steven Michaud reported a crash in LiveConnect, the bridge code that allows Java applets and web JavaScript to communicate. The crash is due to re-use of an already-freed object and we presume this could be exploited with enough effort. Note: Thunderbird does not load Java applets or other plugins in mail messages and is therefore not vulnerable to this flaw unless a user has customized their version of Thunderbird to remove this restriction. Workaround Disable Java to disable LiveConnect until you install a fixed version. References https://bugzilla.mozilla.org/show_bug.cgi?id=352064 CVE-2006-6502 * Site Map


Related