mozilla -- SOAPParameter integer overflow

2004-08-0200:00:00

vuxml.freebsd.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.837 High

EPSS

Percentile

98.5%

JSON

zen-parse discovered and iDEFENSE reported an exploitable
integer overflow in a scriptable Mozilla component
`SOAPParameter’:

Improper input validation to the SOAPParameter object
constructor in Netscape and Mozilla allows execution of
arbitrary code. The SOAPParameter object’s constructor
contains an integer overflow which allows controllable
heap corruption. A web page can be constructed to
leverage this into remote execution of arbitrary code.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfirefox< 0.9UNKNOWN
FreeBSDanynoarchlinux-mozilla< 1.7UNKNOWN
FreeBSDanynoarchlinux-mozilla-devel< 1.7UNKNOWN
FreeBSDanynoarchmozilla-gtk1< 1.7UNKNOWN
FreeBSDanynoarchmozilla< 1.7,2UNKNOWN
FreeBSDanynoarchnetscape7< 7.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	firefox	< 0.9	UNKNOWN
FreeBSD	any	noarch	linux-mozilla	< 1.7	UNKNOWN
FreeBSD	any	noarch	linux-mozilla-devel	< 1.7	UNKNOWN
FreeBSD	any	noarch	mozilla-gtk1	< 1.7	UNKNOWN
FreeBSD	any	noarch	mozilla	< 1.7,2	UNKNOWN
FreeBSD	any	noarch	netscape7	< 7.2	UNKNOWN