N/A
CVE-2009-0773
EN The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Apps suivies affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| mozilla | thunderbird | Windows | ≤2.0.0.20 | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:* |