FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- JavaScript "lambda" replace exposes memory contents

Affected packages
firefox < 1.0.3,1
linux-firefox < 1.0.3
mozilla < 1.7.7,2
1.8.*,2 <= mozilla
linux-mozilla < 1.7.7
1.8.* <= linux-mozilla
linux-mozilla-devel < 1.7.7
1.8.* <= linux-mozilla-devel
0 <= netscape7
0 <= de-linux-mozillafirebird
0 <= el-linux-mozillafirebird
0 <= ja-linux-mozillafirebird-gtk1
0 <= ja-mozillafirebird-gtk2
0 <= linux-mozillafirebird
0 <= ru-linux-mozillafirebird
0 <= zhCN-linux-mozillafirebird
0 <= zhTW-linux-mozillafirebird
0 <= de-linux-netscape
0 <= de-netscape7
0 <= fr-linux-netscape
0 <= fr-netscape7
0 <= ja-linux-netscape
0 <= ja-netscape7
0 <= linux-netscape
0 <= linux-phoenix
0 <= mozilla+ipv6
0 <= mozilla-embedded
0 <= mozilla-firebird
0 <= mozilla-gtk
0 <= mozilla-gtk1
0 <= mozilla-gtk2
0 <= mozilla-thunderbird
0 <= phoenix
0 <= pt_BR-netscape7

Details

VuXML ID 45b75152-ae5f-11d9-a788-0001020eed82
Discovery 2005-04-01
Entry 2005-04-16

A Mozilla Foundation Security Advisory reports:

A bug in JavaScript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to a server without user interaction or knowledge.

Workaround: Disable JavaScript

References

CVE Name CVE-2005-0989
URL http://www.mozilla.org/security/announce/mfsa2005-33.html
URL https://bugzilla.mozilla.org/show_bug.cgi?id=288688