Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 223363 (CVE-2008-2419)

Summary: www-client/mozilla-firefox JSframe Heap Corruption (CVE-2008-2419)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.0x000000.com/?i=576
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=448364
Whiteboard: A2? [ebuild]
Package list:
Runtime testing required: ---
Bug Depends on: 257577    
Bug Blocks:    

Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-23 17:05:00 UTC
CVE-2008-2419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2419):
  Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service
  (heap corruption and application crash) or possibly execute arbitrary code by
  triggering an error condition during certain Iframe operations between a
  JSframe write and a JSframe close, as demonstrated by an error in loading an
  empty Java applet defined by a 'src="javascript:"' sequence.
Comment 1 Jory A. Pratt gentoo-dev 2010-09-16 13:03:54 UTC
Nothing for mozilla to do here.
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2011-12-13 19:35:01 UTC
Quoting RedHat bug 448364:

"It is possible that this could affect Seamonkey 1.1.x, however there is no
further information available on this issue, and it looks like it may only
affect Windows.  It also looks as though this issue may be more related to the
java interpreter than to firefox itself.  Regardless, upstream is unable to
reproduce or determine this to be security significant in firefox itself.

https://bugzilla.mozilla.org/show_bug.cgi?id=323026
https://bugzilla.mozilla.org/show_bug.cgi?id=275783
https://bugzilla.mozilla.org/show_bug.cgi?id=256763"