Overview
A vulnerability in the Mozilla JavaScript engine may allow execution of arbitrary code or denial of service.
Description
The Mozilla JavaScript engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear. According to Mozilla Foundation Security Advisory 2007-12: Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
Impact
Potential consequences include remote execution of arbitrary code and denial of service. |
Solution
Upgrade |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=351102
- https://bugzilla.mozilla.org/show_bug.cgi?id=369666
- https://bugzilla.mozilla.org/show_bug.cgi?id=367561
- https://bugzilla.mozilla.org/show_bug.cgi?id=370101
- https://bugzilla.mozilla.org/show_bug.cgi?id=370488
- https://bugzilla.mozilla.org/show_bug.cgi?id=375183
- https://bugzilla.mozilla.org/show_bug.cgi?id=367630
- https://bugzilla.mozilla.org/show_bug.cgi?id=375711
- https://bugzilla.mozilla.org/show_bug.cgi?id=367121
- https://bugzilla.mozilla.org/show_bug.cgi?id=369714
- http://secunia.com/advisories/25489/
Acknowledgements
These vulnerabilities were reported in Mozilla Foundation Security Advisory 2007-12. Mozilla credits Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant with reporting these issues.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2007-2868 |
| Severity Metric: | 8.19 |
| Date Public: | 2007-05-31 |
| Date First Published: | 2007-05-31 |
| Date Last Updated: | 2007-06-20 19:49 UTC |
| Document Revision: | 37 |