Overview
Mozilla products contain a race condition. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
The Mozilla products JavaScript garbage collection process may delete a variable while that variable is still in use. This may corrupt memory in a way that can allow an attacker to execute arbitrary code. For complete list of affected products refer to Mozilla Foundation Security Advisory 2006-48. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash. |
Solution
Apply an update |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-48. Mozilla credits H. D. Moore with reporting this vulnerability.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2006-3803 |
| Severity Metric: | 16.03 |
| Date Public: | 2006-07-25 |
| Date First Published: | 2006-07-27 |
| Date Last Updated: | 2007-02-09 14:05 UTC |
| Document Revision: | 14 |