Description

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://secunia.com/advisories/14938

http://secunia.com/advisories/14992

http://secunia.com/advisories/19823

http://securitytracker.com/id?1013742

http://securitytracker.com/id?1013743

http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml

http://www.mozilla.org/security/announce/mfsa2005-40.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-383.html

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://www.redhat.com/support/errata/RHSA-2005-386.html

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.securityfocus.com/bid/13232

http://www.securityfocus.com/bid/15495

https://bugzilla.mozilla.org/show_bug.cgi?id=290162

https://exchange.xforce.ibmcloud.com/vulnerabilities/20123

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629

Details

Risk Information

CVSS v2