CVE-2010-0160 Information

Description

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8 and SeaMonkey before 2.0.3 does not properly handle array data types for posted messages which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38847 http://www.debian.org/security/2010/dsa-1999 http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 http://www.mozilla.org/security/announce/2010/mfsa2010-02.html http://www.redhat.com/support/errata/RHSA-2010-0112.html http://www.securityfocus.com/archive/1/510533/100/0/threaded http://www.ubuntu.com/usn/USN-895-1 http://www.ubuntu.com/usn/USN-896-1 http://www.vupen.com/english/advisories/2010/0405 http://www.zerodayinitiative.com/advisories/ZDI-10-046 https://bugzilla.mozilla.org/show_bug.cgi?id=531222 https://bugzilla.mozilla.org/show_bug.cgi?id=533000 https://bugzilla.mozilla.org/show_bug.cgi?id=534051 https://exchange.xforce.ibmcloud.com/vulnerabilities/56360 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11166 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8465