[CVE-2008-2419] Firefox JSframe heap corruption vulnerability
Bug #236762 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
firefox-3.0 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: firefox
CVE-2008-2419 description:
"Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence."
http://
Are Firefox 3.0 beta 5 and rc1 also affected by this?
CVE References
To post a comment you must log in.
On Mon, Jun 02, 2008 at 12:13:50PM -0000, Alexander Konovalenko wrote: cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2008- 2419 www.cve. mitre.org/ cgi- cgi?name= 2008-2419
> *** This bug is a security vulnerability ***
>
> Public security bug reported:
>
> Binary package hint: firefox
>
> CVE-2008-2419 description:
>
> "Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of
> service (heap corruption and application crash) or possibly execute
> arbitrary code by triggering an error condition during certain Iframe
> operations between a JSframe write and a JSframe close, as demonstrated
> by an error in loading an empty Java applet defined by a
> 'src="javascript:"' sequence."
>
> http://
>
> Are Firefox 3.0 beta 5 and rc1 also affected by this?
>
> ** Affects: firefox (Ubuntu)
> Importance: Undecided
> Status: New
>
> ** Affects: firefox-3.0 (Ubuntu)
> Importance: Undecided
> Status: New
>
> ** Visibility changed to: Public
>
> ** CVE added: http://
> bin/cvename.
>
Those should be fixed on trunk, yes.
affects ubuntu/firefox-3.0
status fixreleased
affects ubuntu/firefox
status fixreleased
- Alexander