search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Mozilla fails to properly handle garbage collection

Vulnerability Note VU#876420

Original Release Date: 2006-07-27 | Last Revised: 2007-02-09

Overview

The Mozilla JavaScript engine fails to properly perform garbage collection, which may allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Garbage collection

According to Mozilla:

Garbage collection is generally used to refer to algorithms that (1) determine which objects are still needed by starting from a set of roots and finding all objects reachable from those objects and (2) returning all remaining objects to the heap. The roots include things like global variables and variables on the current call stack. Mozilla's JavaScript engine uses one of the most common garbage collection algorithms, mark and sweep, in which the garbage collector clears the mark bit on each object, sets the mark bits on all roots and all objects reachable from them, and then finalizes all objects not marked and returns the memory they used to the heap.

The problem

In some situations, garbage collection could delete an object that was in active use.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash.

Solution

Apply an update

This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3 according to the Mozilla Foundation Security Update 2006-50.

Disable JavaScript


This vulnerability can be mitigated by disabling JavaScript.

Vendor Information

876420
 
Expand all

Mozilla, Inc. Affected

Updated:  July 27, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Mozilla Foundation Security Advisory 2006-50.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by the Mozilla Foundation, who in turn credit Igor Bukanov and shutdown.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2006-3805
Severity Metric: 6.71
Date Public: 2006-07-25
Date First Published: 2006-07-27
Date Last Updated: 2007-02-09 14:04 UTC
Document Revision: 8

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis