[v2.7] nspr: remote arbitrary code execution or DoS (CVE-2014-1545)
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
•CONFIRM:
http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
•CONFIRM: https://bugzilla.mozilla.org/show\_bug.cgi?id=1018783
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1107432
•BID:67975
•URL: http://www.securityfocus.com/bid/67975
•SECUNIA:58984
•URL: http://secunia.com/advisories/58984
(from redmine: issue id 3065, created on 2014-06-20, closed on 2014-06-24)
- Relations:
- parent #3062 (closed)
- Changesets:
- Revision 21fc5b0e by Natanael Copa on 2014-06-23T16:28:44Z:
main/nspr: security upgrade to 4.10.6 (CVE-2014-1545)
fixes #3065