Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-2419

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.

Related bugs and status

CVE-2008-2419 (Candidate) is related to these bugs:

Bug #236762: [CVE-2008-2419] Firefox JSframe heap corruption vulnerability

Summary				In	Importance	Status
	236762	[CVE-2008-2419] Firefox JSframe heap corruption vulnerability		firefox (Ubuntu)	Undecided	Fix Released
	236762	[CVE-2008-2419] Firefox JSframe heap corruption vulnerability		firefox-3.0 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.0x000000.co...
BID: 29318
XF: mozilla-firefox-jsfram...