sledp3-mozilla-nsprSecurity update for mozilla-nsprSecurity update for mozilla-nsprThis update fixes a bug in the Mozilla NSPR helper
libraries, which could be used by remote attackers to
potentially execute code via javascript vectors.
MFSA 2009-59 / CVE-2009-1563: Security researcher Alin Rad
Pop of Secunia Research reported a heap-based buffer
overflow in Mozilla's string to floating point number
conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a
very long string to be converted to a floating point number
which would result in improper memory allocation and the
execution of an arbitrary memory location. This
vulnerability could thus be leveraged by the attacker to
run arbitrary code on a victim's computer.
This update fixes a bug in the Mozilla NSPR helper
libraries, which could be used by remote attackers to
potentially execute code via javascript vectors.
MFSA 2009-59 / CVE-2009-1563: Security researcher Alin Rad
Pop of Secunia Research reported a heap-based buffer
overflow in Mozilla's string to floating point number
conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a
very long string to be converted to a floating point number
which would result in improper memory allocation and the
execution of an arbitrary memory location. This
vulnerability could thus be leveraged by the attacker to
run arbitrary code on a victim's computer.
securitymozilla-nsprx86_64bee0d64785edc4ca605c6bed1d02502953a3991bmozilla-nspr-32bitx86_647f687f2e8132f348366c16c56c512a69d6fdcce2mozilla-nspr-develx86_648b6878a399f9bbb2a69a006535fd4ae5a2a07f32