The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
2008-11-13T11:30:01.470
2025-04-09T00:30:58.490
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | mozilla | firefox | < 2.0.0.18 | Yes |
Application | mozilla | seamonkey | ≤ 1.1.13 | Yes |
Application | mozilla | thunderbird | < 2.0.0.18 | Yes |