CVE-2006-1742

NameCVE-2006-1742
DescriptionThe JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1044-1, DSA-1046-1, DSA-1051-1
NVD severitymedium (attack range: remote)
Debian/oldstablenot known to be vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xulrunner (PTS)wheezy, wheezy (security)24.8.1esr-2~deb7u1fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)1.5.dfsg+1.5.0.2-2medium
mozillasource(unstable)2:1.7.13-0.1medium
mozillasourcesarge2:1.7.8-1sarge5mediumDSA-1046-1
mozilla-firefoxsource(unstable)1.5.dfsg+1.5.0.2-2medium
mozilla-firefoxsourcesarge1.0.4-2sarge6mediumDSA-1044-1
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.8low
thunderbirdsource(unstable)1.5.0.2-1low
xulrunnersource(unstable)1.8.0.1-9medium

Notes

The Mozilla Foundation labels this as "critical", but it's not
clear if this bug is exploitable.

Search for package or bug name: Reporting problems