Comment 1 for bug 236762
Revision history for this message
| Alexander Sack (asac) wrote Re: [Bug 236762] [NEW] [CVE-2008-2419] Firefox JSframe heap corruption vulnerability | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
On Mon, Jun 02, 2008 at 12:13:50PM -0000, Alexander Konovalenko wrote:
> *** This bug is a security vulnerability ***
>
> Public security bug reported:
>
> Binary package hint: firefox
>
> CVE-2008-2419 description:
>
> "Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of
> service (heap corruption and application crash) or possibly execute
> arbitrary code by triggering an error condition during certain Iframe
> operations between a JSframe write and a JSframe close, as demonstrated
> by an error in loading an empty Java applet defined by a
> 'src="javascript:"' sequence."
>
> http://
>
> Are Firefox 3.0 beta 5 and rc1 also affected by this?
>
> ** Affects: firefox (Ubuntu)
> Importance: Undecided
> Status: New
>
> ** Affects: firefox-3.0 (Ubuntu)
> Importance: Undecided
> Status: New
>
> ** Visibility changed to: Public
>
> ** CVE added: http://
> bin/cvename.
>
Those should be fixed on trunk, yes.
affects ubuntu/firefox-3.0
status fixreleased
affects ubuntu/firefox
status fixreleased
- Alexander