Mozilla

Mozilla Foundation Security Advisory 2013-82

Calling scope for new Javascript objects can lead to memory corruption

Announced
September 17, 2013
Reporter
Ms2ger
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 24
  • Firefox ESR 17.0.9
  • SeaMonkey 2.21
  • Thunderbird 24
  • Thunderbird ESR 17.0.9

Description

Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References