Your submission was sent successfully! Close

CVE-2009-0773

Published: 5 March 2009

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Not vulnerable

gutsy Not vulnerable

hardy Not vulnerable

intrepid Does not exist

jaunty Does not exist

upstream Not vulnerable

firefox-3.0
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (3.0.7+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (3.0.7+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (3.0.7+nobinonly-0ubuntu1)
upstream Needs triage

firefox-3.5
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (3.5+nobinonly-0ubuntu0.9.04.1)
upstream Needs triage

iceape
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Not vulnerable

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Not vulnerable

icedove
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Not vulnerable

iceweasel
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Needs triage

mozilla-thunderbird
Launchpad, Ubuntu, Debian
dapper Not vulnerable

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Not vulnerable

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

upstream Not vulnerable

thunderbird
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Not vulnerable

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

upstream Not vulnerable

xulrunner
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Not vulnerable

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

upstream Not vulnerable

xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (1.9.0.7+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.7+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (1.9.0.7+nobinonly-0ubuntu1)
upstream Needs triage

xulrunner-1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (1.9.1+nobinonly-0ubuntu0.9.04.1)
upstream Needs triage