CVE-2009-3075 Information

Description

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2 Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp and unknown vectors.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/36669 http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.mozilla.org/security/announce/2010/mfsa2010-07.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.redhat.com/support/errata/RHSA-2009-1431.html http://www.redhat.com/support/errata/RHSA-2009-1432.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html http://www.securityfocus.com/bid/36343 http://www.ubuntu.com/usn/USN-915-1 http://www.vupen.com/english/advisories/2010/0648 http://www.vupen.com/english/advisories/2010/0650 https://bugzilla.mozilla.org/show_bug.cgi?id=441714 https://bugzilla.mozilla.org/show_bug.cgi?id=505305 https://exchange.xforce.ibmcloud.com/vulnerabilities/53158 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11365 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5717