Bug 179167

Summary: CVE-2006-0292 javascript unrooted access
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: mozillaAssignee: Christopher Aillon <caillon>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: urgent Docs Contact:
Priority: medium    
Version: 4CC: deisenst, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=critical,embargo=20060202,reported=20060127,source=mozilla
Fixed In Version: mozilla-1.7.12-1.5.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-26 10:00:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2006-01-27 21:03:52 UTC 
javascript unrooted access

The javascript interpreter in Mozilla can be tricked into storing
arbitary code onto the heap, then jump into that code.  This is the
result of tricking the garbage collector into dereferencing objects
that are still in use.

https://bugzilla.mozilla.org/show_bug.cgi?id=316885
Comment 2 Fedora Update System 2006-02-02 23:35:26 UTC 
From User-Agent: XML-RPC

mozilla-1.7.12-1.5.2 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 3 David Eisenstein 2006-02-26 10:00:38 UTC 
Closing this bug CURRENTRELEASE.

Update announcement FEDORA-2006-075 for this issue is at:
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html