CVE-2009-2465

Name of the Vulnerable Software and Affected Versions libmozjs1d-dbg versions (affected versions not specified) libmozjs1d versions (affected versions not specified) libmozjs-dev versions (affected versions not specified) libmozillainterfaces-java versions (affected versions not specified) Mozilla Firefox versions prior to 3.0.12 Thunderbird versions (affected versions not specified)

Description The issue involves multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libmozjs1d-dbg, libmozjs1d, libmozjs-dev, and libmozillainterfaces-java. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. In the case of Mozilla Firefox and Thunderbird, the vulnerabilities can cause a denial of service (memory corruption and application crash) or allow the execution of arbitrary code via specific vectors, including double frame construction and related functions such as nsSubDocumentFrame::Reflow.

Recommendations For libmozjs1d-dbg, consider disabling the package until a patch is available. For libmozjs1d, restrict access to the package to minimize the risk of exploitation. For libmozjs-dev, avoid using the package in development environments until the issue is resolved. For libmozillainterfaces-java, restrict access to the package to minimize the risk of exploitation. For Mozilla Firefox versions prior to 3.0.12, update to version 3.0.12 or later to resolve the issue. For Thunderbird, update to a version that includes the fix for the vulnerability, although the specific version is not specified. At the moment, there is no information about a newer version that contains a fix for libmozjs1d-dbg, libmozjs1d, libmozjs-dev, libmozillainterfaces-java, and Thunderbird.