js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x prior to 3.6.7 and Thunderbird 3.1.x prior to 3.1.1 allows remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.6.1 |
||
mozilla firefox 3.6.4 |
||
mozilla firefox 3.6.6 |
||
mozilla firefox 3.6.2 |
||
mozilla firefox 3.6.3 |
||
mozilla thunderbird 3.1 |