Red Hat Bugzilla – Bug 470867
CVE-2008-5013 Mozilla Flash Player dynamic module unloading flaw
Last modified: 2010-12-25 11:44:38 EST
Security researcher Cameron Hotchkies, via TippingPoint's Zero Day
Initiative program, reported that insufficient checks were being performed
to test whether the Flash module was properly dynamically unloaded.
Hotchkies demonstrated that a SWF file which dynamically unloads itself
memory address no longer mapped to the Flash module, resulting in a crash.
This crash could be used by an attacker to run arbitrary code on a victim's
Firefox 3 is not affected by this issue.
This is now public:
firefox-18.104.22.168-1.fc8, epiphany-2.20.3-8.fc8, epiphany-extensions-2.20.1-11.fc8, blam-1.8.3-19.fc8, cairo-dock-22.214.171.124-1.fc8.1, chmsee-1.0.0-5.31.fc8, devhelp-0.16.1-11.fc8, evolution-rss-0.0.8-13.fc8, galeon-2.0.4-6.fc8.3, gnome-python2-extras-2.19.1-19.fc8, gnome-web-photo-0.3-14.fc8, kazehakase-0.5.6-1.fc8.1, liferea-1.4.15-5.fc8, Miro-1.2.7-2.fc8, openvrml-0.17.10-2.0.fc8, ruby-gnome2-0.17.0-3.fc8, yelp-2.20.0-14.fc8, seamonkey-1.1.13-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0977
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0977
Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2008:0977