HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2008-47
JavaScript Garbage Collector Vulnerability in Mozilla Products

Original Issue Date: April 23, 2008

Severity Rating: High

System Affected

•  Mozilla Firefox versions prior to 2.0.0.14
•  Mozilla SeaMonkey versions prior to 1.1.10
•  Mozilla Thunderbird versions prior to 2.0.0.14

Overview

A vulnerability has been reported in JavaScript engine during JavaScript garbage collection in Mozilla products which could be exploited by remote attacker to crash the browser and cause denial of service condition.

Description

A vulnerability has been reported in Mozilla products due to unspecified error in the Javascript engine. A remote attacker could exploit the vulnerability to cause denial of service ( garbage collector crash ) and possibly cause other impacts via a specially crafted webpage.

Workaround

•  Disable JavaScript in the browser and mail settings.

Solution

Upgrade to Mozilla Firefox version 2.0.0.14 :
Upgrade to Mozilla Thunderbird version 2.0.0.14 :
Upgrade to Mozilla SeaMonkey version 1.1.10 :
http://www.mozilla.org/download.html

Vendor Information

Mozilla Foundation
http://www.mozilla.org

References

Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

SecurityTracker
http://securitytracker.com/alerts/2008/Apr/1019873.html

SecurityFocus
http://www.securityfocus.com/bid/28818

Secunia
http://secunia.com/advisories/29787

CVE Name
CVE-2008-1380

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003