{"vuid":"VU#428500","idnumber":"428500","name":"Mozilla LiveConnect vulnerable to crash finalizing JS objects","keywords":["Mozilla","LiveConnect","DoS","denial of service","crash","mozilla_20061219"],"overview":"A vulnerability exists in Mozilla LiveConnect that may allow a remote attacker to cause a denial of service.","clean_desc":"Mozilla LiveConnect, which allows communication between Java applets and web JavaScript, contains a vulnerability in the way freed objects are re-used that may result in a denial of service. According to the Mozilla Foundation Security Advisory 2006-71: The crash is due to re-use of an already-freed object and we presume this could be exploited with enough effort.","impact":"A remote, unauthenticated attacker may be able to cause a denial of service.","resolution":"Apply an update\nAccording to the Mozilla Foundation Security Advisory 2006-71, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.","workarounds":"Disable Java\nFor instructions on how to disable Java in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.","sysaffected":"","thanks":"This vulnerability was reported in Mozilla Foundation Security Advisory 2006-71. Mozilla credits Steven Michaud with providing information about this issue.","author":"This document was written by Chris Taschner.","public":["http://www.mozilla.org/security/announce/2006/mfsa2006-71.html","http://secunia.com/advisories/23591/","http://secunia.com/advisories/23598/","http://secunia.com/advisories/23439/","http://secunia.com/advisories/23514/","http://secunia.com/advisories/23545/","http://secunia.com/advisories/23601/","http://secunia.com/advisories/23614/","http://secunia.com/advisories/23618/","http://secunia.com/advisories/23692/","http://www.securityfocus.com/bid/21668","http://secunia.com/advisories/23988/","http://www.auscert.org.au/7372","http://secunia.com/advisories/24390/"],"cveids":["CVE-2006-6502"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-20T20:42:15Z","publicdate":"2006-12-19T00:00:00Z","datefirstpublished":"2007-01-18T15:52:37Z","dateupdated":"2007-04-05T18:44:56Z","revision":25,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"3","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"3.645","cam_scorecurrentwidelyknown":"4.6575","cam_scorecurrentwidelyknownexploited":"8.7075","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.645,"vulnote":null}