9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.454 Medium
EPSS
Percentile
97.4%
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not
properly check when the Flash module has been dynamically unloaded
properly, which allows remote attackers to execute arbitrary code via a
crafted SWF file that “dynamically unloads itself from an outside
JavaScript function,” which triggers an access of an expired memory
address.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | firefox | < 2.0.0.18+nobinonly-0ubuntu0.7.10 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox | < 2.0.0.18+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.04 | noarch | firefox-3.0 | < 3.0.4+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | firefox-3.0 | < 3.0.4+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1 | UNKNOWN |
ubuntu | 8.04 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu0.8.04.2 | UNKNOWN |
ubuntu | 8.10 | noarch | seamonkey | < 1.1.15+nobinonly-0ubuntu0.8.10.2 | UNKNOWN |
ubuntu | 7.10 | noarch | thunderbird | < 2.0.0.18+nobinonly-0ubuntu0.7.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | thunderbird | < 2.0.0.18+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |