Уязвимость DoS атаки и выполнения произвольного кода в функции js_watch_set в JavaScript-движке Mozilla Firefox
Описание
Функция js_watch_set в файле js/src/jsdbgapi.cpp в JavaScript-движке Mozilla Firefox до версии 3.0.12 позволяет злоумышленникам вызвать DoS атаку (сбой проверки утверждения и выход из приложения) или, возможно, выполнить произвольный код через специально сформированный файл .js. Эта уязвимость связана с "ошибкой безопасности памяти."
Затронутые версии ПО
- Mozilla Firefox версии до 3.0.12
Тип уязвимости
- DoS атака
- Выполнение произвольного кода
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript eng ...
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.
EPSS
5 Medium
CVSS2