Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2006-01

JavaScript garbage-collection hazards

February 1, 2006
Igor Bukanov
Firefox, Mozilla Suite, SeaMonkey, Thunderbird
Fixed in
  • Firefox 1.0.8
  • Firefox
  • Mozilla Suite 1.7.13
  • SeaMonkey 1
  • Thunderbird 1.0.8
  • Thunderbird


Garbage collection hazards have been found in the JavaScript engine where some routines used temporary variables that were not properly protected (rooted). Specially crafted objects could contain a user-defined method that would be called during the lifetime of these temporaries. If this method triggered garbage collection the engine would operate on the unexpectedly freed temporary object when it returned from the user-defined routine.

The risk appears remote, but this type of memory corruption could potentially be used by an attacker to run arbitrary code.

CVE-2006-0293 was introduced during Firefox 1.5 development and does not affect Firefox 1.0. CVE-2006-0292 affects all versions of Firefox.

Thunderbird shares the JavaScript engine with Firefox and could be vulnerable if JavaScript is enabled in mail. This is not the default setting; we strongly discourage users from running JavaScript in mail.

Update (13 April 2006)
This flaw has been fixed in Thunderbird

Updated versions of Firefox 1.0, Thunderbird 1.0, and the Mozilla Suite 1.7 have been released containing this fix.


Upgrade to the fixed versions. Do not enable JavaScript in Thunderbird or Mozilla Suite mail.