Intrusion Prevention

Mozilla.Firefox.JavaScript.Lambda.Heap.Memory.Disclosure

Description

This indicates a possible attempt to exploit a Memory Disclosure vulnerability in the Javascript engine for Mozilla Suite, Firefox and Netscape.
The vulnerability may allow remote attackers to read portions of heap memory in a Javascript string via the "lambda replace" method.

Affected Products

Ubuntu Ubuntu Linux 5.04 powerpc
Ubuntu Ubuntu Linux 5.04 i386
Ubuntu Ubuntu Linux 5.04 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 8.0
Slackware Linux -current
SGI ProPack 3.0
SCO Unixware 7.1.4
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Fedora Core4
RedHat Fedora Core3
RedHat Fedora Core2
RedHat Fedora Core1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1
Netscape Netscape 7.2
Netscape Netscape 7.1
Netscape Netscape 7.0
Mozilla Thunderbird 1.0.2
Mozilla Thunderbird 1.0.1
Mozilla Thunderbird 1.0
Mozilla Thunderbird 0.9
Mozilla Thunderbird 0.8
Mozilla Thunderbird 0.7.3
Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Thunderbird 0.6
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.1
Mozilla Camino 0.8.3
Mozilla Browser 1.7.6
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
K-Meleon K-Meleon 0.9
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Not Vulnerable:
Netscape Netscape 8.0
Mozilla Thunderbird 1.0.5
Mozilla Firefox 1.0.3
Mozilla Browser 1.7.7

Impact

Information disclosure.

Recommended Actions

Update to:
Netscape 8.0
Mozilla Thunderbird 1.0.5
Mozilla Firefox 1.0.3
Mozilla Browser 1.7.7

CVE References

CVE-2005-0989