PT-2009-6653 · Mozilla+1 · Thunderbird+7

Christophe Charron · Published 1970-01-01 · Updated 2018-10-30 · CVE-2009-2464

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libmozjs1d-dbg versions (affected versions not specified)
libmozjs1d versions (affected versions not specified)
libmozjs-dev versions (affected versions not specified)
libmozillainterfaces-java versions (affected versions not specified)
Mozilla Firefox versions prior to 3.0.12
SeaMonkey versions prior to 2.0a1pre
Thunderbird versions (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libmozjs1d-dbg, libmozjs1d, libmozjs-dev, and libmozillainterfaces-java. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Additionally, a specific function, CheckIsSeparator, in Mozilla Firefox, SeaMonkey, and Thunderbird is vulnerable to remote attacks, which can cause a denial of service or possibly execute arbitrary code by loading multiple RDF files in a XUL tree element.

Recommendations

For libmozjs1d-dbg, consider disabling the vulnerable package until a patch is available.
For libmozjs1d, restrict access to the vulnerable module to minimize the risk of exploitation.
For libmozjs-dev, avoid using the vulnerable development package until the issue is resolved.
For libmozillainterfaces-java, restrict access to the vulnerable Java interface to minimize the risk of exploitation.
For Mozilla Firefox, update to version 3.0.12 or later.
For SeaMonkey, update to version 2.0a1pre or later.
At the moment, there is no information about a newer version that contains a fix for Thunderbird.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-01736
BDU:2015-01737
BDU:2015-01738
BDU:2015-01739
CVE-2009-2464
DSA-1840-1
RHSA-2009:1162
RHSA-2009_1162

Affected Products

Firefox
Red Hat
Seamonkey
Thunderbird
Libmozillainterfaces-Java
Libmozjs-Dev
Libmozjs1D
Libmozjs1D-Dbg