CVE-2009-2471

Name of the Vulnerable Software and Affected Versions libmozjs1d-dbg versions (affected versions not specified) libmozjs1d versions (affected versions not specified) libmozjs-dev versions (affected versions not specified) Mozilla Firefox versions prior to 3.0.12 libmozillainterfaces-java versions (affected versions not specified)

Description The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libmozjs1d-dbg, libmozjs1d, libmozjs-dev, and libmozillainterfaces-java. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Additionally, a specific vulnerability in Mozilla Firefox before version 3.0.12 allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call to the setTimeout function, related to XPCNativeWrapper.

Recommendations For libmozjs1d-dbg, consider updating to a version that includes the necessary security patches. For libmozjs1d, consider updating to a version that includes the necessary security patches. For libmozjs-dev, consider updating to a version that includes the necessary security patches. For Mozilla Firefox, update to version 3.0.12 or later to address the vulnerability in the setTimeout function. For libmozillainterfaces-java, consider updating to a version that includes the necessary security patches. As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available.