PT-2009-6651 · Mozilla+1 · Libnspr4-0D-Dbg+10
Monarch2020 · Published 1970-01-01 · Updated 2018-10-30 · CVE-2009-2463
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libnspr4-0d versions (affected versions not specified)
libmozjs-dev versions (affected versions not specified)
libnspr4-0d-dbg versions (affected versions not specified)
libmozjs1d-dbg versions (affected versions not specified)
libmozjs1d versions (affected versions not specified)
libnspr4-dev versions (affected versions not specified)
libmozillainterfaces-java versions (affected versions not specified)
Mozilla Firefox versions prior to 3.0.12
Thunderbird versions prior to 2.0.0.24
SeaMonkey versions prior to 1.1.19
Description
The issue involves multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libnspr4-0d, libmozjs-dev, libnspr4-0d-dbg, libmozjs1d-dbg, libmozjs1d, libnspr4-dev, and libmozillainterfaces-java. These vulnerabilities can be exploited remotely, compromising the confidentiality, integrity, and availability of protected information. Additionally, integer overflows in the PL_Base64Decode and PL_Base64Encode functions in Mozilla Firefox, Thunderbird, and SeaMonkey can cause a denial of service or possibly allow arbitrary code execution via unspecified vectors that trigger buffer overflows.
Recommendations
For libnspr4-0d, consider disabling the vulnerable functions until a patch is available.
For libmozjs-dev, restrict access to the vulnerable module to minimize the risk of exploitation.
For libnspr4-0d-dbg, avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.
For libmozjs1d-dbg, consider disabling the vulnerable function until a patch is available.
For libmozjs1d, restrict access to the vulnerable module to minimize the risk of exploitation.
For libnspr4-dev, avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.
For libmozillainterfaces-java, consider disabling the vulnerable function until a patch is available.
For Mozilla Firefox, update to version 3.0.12 or later.
For Thunderbird, update to version 2.0.0.24 or later.
For SeaMonkey, update to version 1.1.19 or later.
Fix
DoS
Affected Products
Firefox
Red Hat
Seamonkey
Thunderbird
Libmozillainterfaces-Java
Libmozjs-Dev
Libmozjs1D
Libmozjs1D-Dbg
Libnspr4-0D
Libnspr4-0D-Dbg
Libnspr4-Dev