Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code Execution Vulnerability
Release date:
Updated on:
Affected Systems:
Mozilla Firefox 3.6.x
Mozilla Thunderbird 3.x
Mozilla SeaMonkey 2.x
Unaffected Systems:
Mozilla Firefox 6
Mozilla Firefox 3.6.23
Mozilla Thunderbird 6
Mozilla SeaMonkey 2.3
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 49850
CVE ID: CVE-2011-3232
Firefox is a very popular open-source web browser. Thunderbird is a mail client that supports the IMAP and POP protocols and HTML-formatted mail. SeaMonkey is an open-source web browser, mail and newsgroup client, IRC client, and HTML editor.
Mozilla Firefox, Thunderbird, and SeaMonkey contain a security vulnerability that remote attackers can exploit to execute arbitrary code with the privileges of the current user.
The vulnerability is caused by a potentially exploitable crash in the YARR regular expression library used by JavaScript.
<* Source: Aki Helin
Link: http://www.mozilla.org/security/announce/2011/mfsa2011-38.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mozilla
-------
Mozilla has released a security bulletin (mfsa2011-42) and patches for this issue:
mfsa2011-42: Potentially exploitable crash in the YARR regular expression library
Link: http://www.mozilla.org/security/announce/2011/mfsa2011-42.html