April 08, 2005
Oops! Firefox JavaScript Engine Information Disclosure Vulnerability
Secunia - Advisories - Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability
Release Date: 2005-04-04
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software:
Mozilla Firefox 0.x
Mozilla Firefox 1.x
Description:
A vulnerability has been discovered in Mozilla Firefox, which can be
exploited by malicious people to gain knowledge of potentially
sensitive information.
The vulnerability is caused due to an error in the JavaScript engine,
as a "lambda" replace exposes arbitrary amounts of heap memory after
the end of a JavaScript string.
Successful exploitation may disclose sensitive information in memory.
Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/
The vulnerability has been confirmed in versions 1.0.1 and 1.0.2. Other versions may also be affected.
Solution:
Disable JavaScript support.
Provided and/or discovered by:
Azafran
Original Advisory:
Mozilla bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=288688
Azafran:
http://cubic.xfo.org.ru/index.cgi?read=53004
Posted by cystdog at April 8, 2005 09:37 AM
