Oval Definition:	oval:org.mitre.oval:def:6708
Revision Date: 2014-10-06 Version: 29 Title: Mozilla Firefox, Thunderbird and Seamonkey Denial of Service and arbitrary code execution Vulnerabilities Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-0773 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Product(s): Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird Definition Synopsis Check Mozilla Thunderbird version Mozilla Thunderbird Mainline release is installed AND Thunderbird version is less than or equal to 2.0.0.20 OR Check Mozilla Seamonkey version Mozilla Seamonkey is installed AND Seamonkey version is less than or equal to 1.1.15 OR Check Mozilla Firefox version Mozilla Firefox Mainline release is installed AND Firefox version is less than or equal to 3.0.6
BACK