Bug 440518 (CVE-2008-1380)

Summary: CVE-2008-1380 Firefox JavaScript garbage collection crash
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: medium    
Version: unspecifiedCC: caillon, kreilly, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-23 16:49:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 440525, 440526, 440528, 440529, 440530, 440532, 440533, 442850, 442851, 442852, 442855, 442856, 442857    
Bug Blocks:    

Description Josh Bressers 2008-04-03 21:13:12 UTC 
Mozilla bugs 425576 and 425594
https://bugzilla.mozilla.org/show_bug.cgi?id=425576
https://bugzilla.mozilla.org/show_bug.cgi?id=425594

describe a crash in the JavaScript garbage collector.  It is suspected that this
bug could result in arbitrary code execution as the user running Firefox.
Comment 5 Josh Bressers 2008-04-17 01:36:06 UTC 
Lifting embargo
Comment 8 Fedora Update System 2008-04-22 22:36:33 UTC 
seamonkey-1.1.9-2.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-04-22 22:39:37 UTC 
chmsee-1.0.0-2.30.fc7, epiphany-2.18.3-9.fc7, kazehakase-0.5.4-2.fc7.2, ruby-gnome2-0.16.0-23.fc7, epiphany-extensions-2.18.3-9, Miro-1.2-2.fc7, firefox-2.0.0.14-1.fc7, openvrml-0.16.7-5.fc7, devhelp-0.13-16.fc7, galeon-2.0.3-17.fc7, gnome-python2-extras-2.14.3-10.fc7, gtkmozembedmm-1.4.2.cvs20060817-17.fc7, liferea-1.4.13-3.fc7, yelp-2.18.1-11.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2008-04-22 22:43:24 UTC 
seamonkey-1.1.9-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2008-04-22 22:44:43 UTC 
epiphany-extensions-2.20.1-7.fc8, gnome-web-photo-0.3-10.fc8, yelp-2.20.0-9.fc8, devhelp-0.16.1-7.fc8, kazehakase-0.5.4-2.fc8.1, gnome-python2-extras-2.19.1-14.fc8, gtkmozembedmm-1.4.2.cvs20060817-20.fc8, liferea-1.4.13-3.fc8, firefox-2.0.0.14-1.fc8, chmsee-1.0.0-2.30.fc8, epiphany-2.20.3-3.fc8, galeon-2.0.4-2.fc8.3, Miro-1.2-2.fc8, openvrml-0.17.5-5.fc8, ruby-gnome2-0.16.0-22.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2008-05-10 13:53:04 UTC 
thunderbird-2.0.0.14-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2008-05-10 13:54:43 UTC 
thunderbird-2.0.0.14-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Vincent Danen 2010-12-23 16:49:44 UTC 
This was addressed via:

Red Hat Enterprise Linux version 4 (RHSA-2008:0222)
Red Hat Enterprise Linux version 5 (RHSA-2008:0222)
Red Hat Enterprise Linux version 2.1 (RHSA-2008:0223)
Red Hat Enterprise Linux version 3 (RHSA-2008:0223)
Red Hat Enterprise Linux version 4 (RHSA-2008:0223)
Red Hat Enterprise Linux version 4 (RHSA-2008:0224)
Red Hat Enterprise Linux Desktop version 5 (RHSA-2008:0224)
RHEL Optional Productivity Applications version 5 (RHSA-2008:0224)