(Mozilla Issues Fix for Thunderbird) Mozilla Firefox CSS Reference Counter Bug Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1020555 |
|
SecurityTracker URL: http://securitytracker.com/id/1020555
|
|
CVE Reference:
CVE-2008-2785
(Links to External Site)
|
Date: Jul 25 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.0.0.16
|
Description:
A vulnerability was reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. Mozilla Thunderbird is affected.
A remote user can create a large number of references to a common CSS object to overflow the CSSValue array data structure. The browser will attempt to free the object while it is still in use, which may allow arbitrary code to be executed. The code will run with the privileges of the target user.
TippingPoint reported this vulnerability.
|
Impact:
A remote user can cause arbitrary code to be executed on the target user's system.
|
Solution:
Mozilla has issued a fix for Thunderbird (2.0.0.16), which is affected by this vulnerability.
The Mozilla advisory is available at:
http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
|
Vendor URL: www.mozilla.org/security/announce/2008/mfsa2008-34.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 24 Jul 2008 21:47:14 -0400
Subject: Mozilla Thunderbird
|
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.16
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2802
CVE-2008-2803
CVE-2008-2807
CVE-2008-2809
CVE-2008-2811
|
|
