{"vuid":"VU#269484","idnumber":"269484","name":"Mozilla JavaScript engine vulnerable to memory corruption","keywords":["Mozilla","JavaScript engine","memory corruption","moz_bug_r_a4","shutdown"],"overview":"The Mozilla JavaScript engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition.","clean_desc":"The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird email client is also a Mozilla product. Multiple memory corruption vulnerabilities exist in the way Mozilla products process JavaScript. For more information refer to Mozilla Foundation Security Advisory 2007-01. Note that other Mozilla-based applications may also be affected.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or create a denial of service condition.","resolution":"Upgrade\nSee Mozilla Foundation Security Advisory 2007-01 for information about affected clients.","workarounds":"Disable Javascript Disabling JavaScript may mitigate this vulnerability. See the Securing Your Web Browser document for more information.","sysaffected":"","thanks":"Thanks to Mozilla for information used in this report. Mozilla thanks Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown.","author":"This document was written by Ryan Giobbi.","public":["http://www.mozilla.org/security/announce/2007/mfsa2007-01.html","http://www.mozilla.org/products/mozilla1.x/","http://www.mozilla.com/en-US/","http://www.mozilla.com/en-US/thunderbird/","http://www.mozilla.org/security/announce/2007/mfsa2007-01.html","http://www.cert.org/tech_tips/securing_browser/","http://secunia.com/advisories/24238/","http://secunia.com/advisories/24287/","http://secunia.com/advisories/24252/","http://secunia.com/advisories/24320/","http://secunia.com/advisories/24328/","http://secunia.com/advisories/24293/","http://secunia.com/advisories/24327/","http://secunia.com/advisories/24343/","http://secunia.com/advisories/24333/","http://secunia.com/advisories/24393/","http://secunia.com/advisories/24352/","http://www.ciac.org/ciac/bulletins/r-164.shtml","http://secunia.com/advisories/24406/","http://secunia.com/advisories/24432/","http://secunia.com/advisories/24410/","http://secunia.com/advisories/24389/","http://secunia.com/advisories/24455/","http://secunia.com/advisories/24456/","http://secunia.com/advisories/24457/"],"cveids":["CVE-2007-0777"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-02-23T20:53:00Z","publicdate":"2007-02-23T00:00:00Z","datefirstpublished":"2007-02-23T21:29:45Z","dateupdated":"2007-03-08T14:54:40Z","revision":55,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"16","cam_impact":"6","cam_easeofexploitation":"7","cam_attackeraccessrequired":"15","cam_scorecurrent":"2.646","cam_scorecurrentwidelyknown":"4.536","cam_scorecurrentwidelyknownexploited":"8.316","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.646,"vulnote":null}