CVE-2008-5013 Information

Description

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly which allows remote attackers to execute arbitrary code via a crafted SWF file that \dynamically unloads itself from an outside JavaScript function\ which triggers an access of an expired memory address.

Reference

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32714 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/33433 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://ubuntu.com/usn/usn-667-1 http://www.debian.org/security/2008/dsa-1669 http://www.debian.org/security/2008/dsa-1671 http://www.debian.org/security/2009/dsa-1697 http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 http://www.mozilla.org/security/announce/2008/mfsa2008-49.html http://www.redhat.com/support/errata/RHSA-2008-0977.html http://www.securityfocus.com/bid/32281 http://www.securitytracker.com/id?1021181 http://www.us-cert.gov/cas/techalerts/TA08-319A.html http://www.vupen.com/english/advisories/2008/3146 http://www.vupen.com/english/advisories/2009/0977 https://bugzilla.mozilla.org/show_bug.cgi?id=433610 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9660 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html