{"vuid":"VU#876420","idnumber":"876420","name":"Mozilla fails to properly handle garbage collection","keywords":["Mozilla","Firefox","arbitrary code execution","garbage collection","firefox_1505","SeaMonkey"],"overview":"The Mozilla JavaScript engine fails to properly perform garbage collection, which may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Garbage collection According to Mozilla: Garbage collection is generally used to refer to algorithms that (1) determine which objects are still needed by starting from a set of roots and finding all objects reachable from those objects and (2) returning all remaining objects to the heap. The roots include things like global variables and variables on the current call stack. Mozilla's JavaScript engine uses one of the most common garbage collection algorithms, mark and sweep, in which the garbage collector clears the mark bit on each object, sets the mark bits on all roots and all objects reachable from them, and then finalizes all objects not marked and returns the memory they used to the heap. The problem In some situations, garbage collection could delete an object that was in active use.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash.","resolution":"Apply an update This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3 according to the Mozilla Foundation Security Update 2006-50.","workarounds":"Disable JavaScript This vulnerability can be mitigated by disabling JavaScript.","sysaffected":"","thanks":"This vulnerability was reported by the Mozilla Foundation, who in turn credit Igor Bukanov and shutdown.","author":"This document was written by Will Dormann.","public":["http://www.mozilla.org/security/announce/2006/mfsa2006-50.html","https://bugzilla.mozilla.org/show_bug.cgi?id=324117","https://bugzilla.mozilla.org/show_bug.cgi?id=325425","https://bugzilla.mozilla.org/show_bug.cgi?id=339785","https://bugzilla.mozilla.org/show_bug.cgi?id=340129","https://bugzilla.mozilla.org/show_bug.cgi?id=341877","https://bugzilla.mozilla.org/show_bug.cgi?id=341956","https://bugzilla.mozilla.org/show_bug.cgi?id=338804","http://secunia.com/advisories/19873/","http://secunia.com/advisories/21216/","http://secunia.com/advisories/21229/","http://secunia.com/advisories/21228/","https://issues.rpath.com/browse/RPL-537","http://www.securityfocus.com/bid/19181"],"cveids":["CVE-2006-3805"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-07-27T14:15:16Z","publicdate":"2006-07-25T00:00:00Z","datefirstpublished":"2006-07-27T18:12:13Z","dateupdated":"2007-02-09T14:04:50Z","revision":8,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"13","cam_impact":"15","cam_easeofexploitation":"6","cam_attackeraccessrequired":"18","cam_scorecurrent":"6.712875","cam_scorecurrentwidelyknown":"11.451375","cam_scorecurrentwidelyknownexploited":"19.348875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.712875,"vulnote":null}