Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 prior to 1.5.0.5, Thunderbird prior to 1.5.0.5, and SeaMonkey prior to 1.0.3 might allow remote malicious users to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 1.5 |
||
mozilla firefox 1.5.0.1 |
||
mozilla firefox 1.5.0.2 |
||
mozilla firefox 1.5.0.3 |
||
mozilla firefox 1.5.0.4 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 1.0.2 |
||
mozilla thunderbird 1.5 |
||
mozilla thunderbird 1.5.0.2 |
||
mozilla thunderbird 1.5.0.4 |