Mozilla Foundation Security Advisory 2007-18

2007-07-19T00:00:00
ID SECURITYVULNS:DOC:17520
Type securityvulns
Reporter Securityvulns
Modified 2007-07-19T00:00:00

Description

Mozilla Foundation Security Advisory 2007-18 Title: Crashes with evidence of memory corruption Impact: Critical Announced: July 17, 2007 Reporter: Mozilla developers and community Products: Firefox, Thunderbird and Seamonkey

Fixed in: Firefox 2.0.0.5, Thunderbird 2.0.0.5 Description As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images.

References Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson,and Vladimir Sukhoy reported crashes in the browser engine.

https://bugzilla.mozilla.org/show_bug.cgi?id=376924 https://bugzilla.mozilla.org/show_bug.cgi?id=374810 https://bugzilla.mozilla.org/show_bug.cgi?id=321224 https://bugzilla.mozilla.org/show_bug.cgi?id=344300 https://bugzilla.mozilla.org/show_bug.cgi?id=380100 https://bugzilla.mozilla.org/show_bug.cgi?id=384344 https://bugzilla.mozilla.org/show_bug.cgi?id=386382 https://bugzilla.mozilla.org/show_bug.cgi?id=382700 https://bugzilla.mozilla.org/show_bug.cgi?id=351236 https://bugzilla.mozilla.org/show_bug.cgi?id=382568 https://bugzilla.mozilla.org/show_bug.cgi?id=382681 https://bugzilla.mozilla.org/show_bug.cgi?id=382778 https://bugzilla.mozilla.org/show_bug.cgi?id=385715 https://bugzilla.mozilla.org/show_bug.cgi?id=344228 https://bugzilla.mozilla.org/show_bug.cgi?id=366128 https://bugzilla.mozilla.org/show_bug.cgi?id=380856 https://bugzilla.mozilla.org/show_bug.cgi?id=382754 https://bugzilla.mozilla.org/show_bug.cgi?id=375399 https://bugzilla.mozilla.org/show_bug.cgi?id=374102 https://bugzilla.mozilla.org/show_bug.cgi?id=378682 https://bugzilla.mozilla.org/show_bug.cgi?id=381167 https://bugzilla.mozilla.org/show_bug.cgi?id=382444 https://bugzilla.mozilla.org/show_bug.cgi?id=384663 https://bugzilla.mozilla.org/show_bug.cgi?id=386254 https://bugzilla.mozilla.org/show_bug.cgi?id=368863

Asaf Romano, Jesse Ruderman, Igor Bukanov reported crashes in the JavaScript engine.

https://bugzilla.mozilla.org/show_bug.cgi?id=381374 https://bugzilla.mozilla.org/show_bug.cgi?id=375976 https://bugzilla.mozilla.org/show_bug.cgi?id=380933 https://bugzilla.mozilla.org/show_bug.cgi?id=382253 https://bugzilla.mozilla.org/show_bug.cgi?id=379245 https://bugzilla.mozilla.org/show_bug.cgi?id=382503 https://bugzilla.mozilla.org/show_bug.cgi?id=358594

CVE-2007-3734 CVE-2007-3735