Mozilla · Libmozjs1D-Dbg · CVE-2009-2471
**Name of the Vulnerable Software and Affected Versions**
libmozjs1d-dbg versions (affected versions not specified)
libmozjs1d versions (affected versions not specified)
libmozjs-dev versions (affected versions not specified)
Mozilla Firefox versions prior to 3.0.12
libmozillainterfaces-java versions (affected versions not specified)
**Description**
The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libmozjs1d-dbg, libmozjs1d, libmozjs-dev, and libmozillainterfaces-java. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Additionally, a specific vulnerability in Mozilla Firefox before version 3.0.12 allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call to the `setTimeout` function, related to XPCNativeWrapper.
**Recommendations**
For libmozjs1d-dbg, consider updating to a version that includes the necessary security patches.
For libmozjs1d, consider updating to a version that includes the necessary security patches.
For libmozjs-dev, consider updating to a version that includes the necessary security patches.
For Mozilla Firefox, update to version 3.0.12 or later to address the vulnerability in the `setTimeout` function.
For libmozillainterfaces-java, consider updating to a version that includes the necessary security patches.
As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available.