Bug 440518 (CVE-2008-1380) - CVE-2008-1380 Firefox JavaScript garbage collection crash
Summary: CVE-2008-1380 Firefox JavaScript garbage collection crash
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-1380
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 440525 440526 440528 440529 440530 440532 440533 442850 442851 442852 442855 442856 442857
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-03 21:13 UTC by Josh Bressers
Modified: 2019-09-29 12:24 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-12-23 16:49:44 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0222 0 normal SHIPPED_LIVE Critical: firefox security update 2008-04-17 01:37:25 UTC
Red Hat Product Errata RHSA-2008:0223 0 normal SHIPPED_LIVE Critical: seamonkey security update 2008-04-17 01:39:02 UTC
Red Hat Product Errata RHSA-2008:0224 0 normal SHIPPED_LIVE Moderate: thunderbird security update 2008-04-30 16:47:54 UTC

Description Josh Bressers 2008-04-03 21:13:12 UTC 
Mozilla bugs 425576 and 425594
https://bugzilla.mozilla.org/show_bug.cgi?id=425576
https://bugzilla.mozilla.org/show_bug.cgi?id=425594

describe a crash in the JavaScript garbage collector.  It is suspected that this
bug could result in arbitrary code execution as the user running Firefox.
Comment 5 Josh Bressers 2008-04-17 01:36:06 UTC 
Lifting embargo
Comment 8 Fedora Update System 2008-04-22 22:36:33 UTC 
seamonkey-1.1.9-2.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-04-22 22:39:37 UTC 
chmsee-1.0.0-2.30.fc7, epiphany-2.18.3-9.fc7, kazehakase-0.5.4-2.fc7.2, ruby-gnome2-0.16.0-23.fc7, epiphany-extensions-2.18.3-9, Miro-1.2-2.fc7, firefox-2.0.0.14-1.fc7, openvrml-0.16.7-5.fc7, devhelp-0.13-16.fc7, galeon-2.0.3-17.fc7, gnome-python2-extras-2.14.3-10.fc7, gtkmozembedmm-1.4.2.cvs20060817-17.fc7, liferea-1.4.13-3.fc7, yelp-2.18.1-11.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2008-04-22 22:43:24 UTC 
seamonkey-1.1.9-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2008-04-22 22:44:43 UTC 
epiphany-extensions-2.20.1-7.fc8, gnome-web-photo-0.3-10.fc8, yelp-2.20.0-9.fc8, devhelp-0.16.1-7.fc8, kazehakase-0.5.4-2.fc8.1, gnome-python2-extras-2.19.1-14.fc8, gtkmozembedmm-1.4.2.cvs20060817-20.fc8, liferea-1.4.13-3.fc8, firefox-2.0.0.14-1.fc8, chmsee-1.0.0-2.30.fc8, epiphany-2.20.3-3.fc8, galeon-2.0.4-2.fc8.3, Miro-1.2-2.fc8, openvrml-0.17.5-5.fc8, ruby-gnome2-0.16.0-22.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2008-05-10 13:53:04 UTC 
thunderbird-2.0.0.14-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2008-05-10 13:54:43 UTC 
thunderbird-2.0.0.14-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Vincent Danen 2010-12-23 16:49:44 UTC 
This was addressed via:

Red Hat Enterprise Linux version 4 (RHSA-2008:0222)
Red Hat Enterprise Linux version 5 (RHSA-2008:0222)
Red Hat Enterprise Linux version 2.1 (RHSA-2008:0223)
Red Hat Enterprise Linux version 3 (RHSA-2008:0223)
Red Hat Enterprise Linux version 4 (RHSA-2008:0223)
Red Hat Enterprise Linux version 4 (RHSA-2008:0224)
Red Hat Enterprise Linux Desktop version 5 (RHSA-2008:0224)
RHEL Optional Productivity Applications version 5 (RHSA-2008:0224)
Note You need to log in before you can comment on or make changes to this bug.