The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | 2.0 (including) | 2.0.0.18 (excluding) |
Seamonkey | Mozilla | 1.0 (including) | 1.1.13 (including) |
Thunderbird | Mozilla | 2.0 (including) | 2.0.0.18 (excluding) |