Heap Memory Exposure in Mozilla Suite, Firefox, and Netscape
CVE-2005-0989

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Navigator; Mozilla
Vendor: CVE Published:; 2 May 2005

Summary

The find_replen function in the JavaScript engine of the affected products exposes a security weakness that allows remote attackers to read sensitive portions of the program's heap memory. This is achieved via a maliciously crafted JavaScript string utilizing the lambda replace method, potentially leading to unauthorized data exposure and the exploitation of user data.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.redhat.com/support/errata/RHSA-2005-386.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/12988

vdb-entryx_refsource_BID

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 6, 2005