Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | 3.6 (including) | 3.6 (including) |
| Firefox | Mozilla | 3.6.2 (including) | 3.6.2 (including) |
| Firefox | Mozilla | 3.6.3 (including) | 3.6.3 (including) |
| Firefox | Mozilla | 3.6.4 (including) | 3.6.4 (including) |
| Firefox | Mozilla | 3.6.6 (including) | 3.6.6 (including) |
| Firefox | Mozilla | 3.6.7 (including) | 3.6.7 (including) |
| Firefox | Mozilla | 3.6.8 (including) | 3.6.8 (including) |
| Firefox | Mozilla | 3.6.9 (including) | 3.6.9 (including) |
| Firefox | Mozilla | 3.6.10 (including) | 3.6.10 (including) |
| Firefox | Mozilla | 3.6.11 (including) | 3.6.11 (including) |
| Firefox | Mozilla | 3.6.12 (including) | 3.6.12 (including) |
| Firefox | Mozilla | 3.6.13 (including) | 3.6.13 (including) |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:3.6.14-4.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:3.6.14-4.el5_6 | * |
| Red Hat Enterprise Linux 5 | RedHat | xulrunner-0:1.9.2.14-4.el5_6 | * |
| Red Hat Enterprise Linux 6 | RedHat | firefox-0:3.6.14-4.el6_0 | * |
| Red Hat Enterprise Linux 6 | RedHat | xulrunner-0:1.9.2.14-3.el6_0 | * |
| Firefox | Ubuntu | dapper | * |
| Firefox | Ubuntu | hardy | * |
| Firefox | Ubuntu | lucid | * |
| Firefox | Ubuntu | maverick | * |
| Firefox | Ubuntu | upstream | * |
| Firefox-3.0 | Ubuntu | hardy | * |
| Firefox-3.5 | Ubuntu | karmic | * |
| Seamonkey | Ubuntu | hardy | * |
| Seamonkey | Ubuntu | karmic | * |
| Seamonkey | Ubuntu | lucid | * |
| Seamonkey | Ubuntu | maverick | * |
| Seamonkey | Ubuntu | upstream | * |
| Xulrunner-1.9.2 | Ubuntu | hardy | * |
| Xulrunner-1.9.2 | Ubuntu | karmic | * |
| Xulrunner-1.9.2 | Ubuntu | lucid | * |
| Xulrunner-1.9.2 | Ubuntu | maverick | * |
| Xulrunner-1.9.2 | Ubuntu | upstream | * |
References
- http://downloads.avaya.com/css/P8/documents/100133195
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
- http://www.mozilla.org/security/announce/2011/mfsa2011-06.html
- http://www.securityfocus.com/bid/46663
- https://bugzilla.mozilla.org/show_bug.cgi?id=626631
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200
- http://downloads.avaya.com/css/P8/documents/100133195
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
- http://www.mozilla.org/security/announce/2011/mfsa2011-06.html
- http://www.securityfocus.com/bid/46663
- https://bugzilla.mozilla.org/show_bug.cgi?id=626631
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200