Multiple Security Vulnerabilites in Mozilla 1.7 for Solaris 8, 9, and 10 |
|
| Category : | Security |
| Release Phase : | Resolved |
| Product : | Mozilla v1.7
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
|
| Bug Id : | 6415123, 6447020, 6447021, 6458750, 6458753, 6458754
|
| Date of Workaround Release : | 04-JAN-2007
|
| Date of Resolved Release : | 06-FEB-2007
|
Multiple security vulnerabilities are present in Mozilla version 1.7 for Solaris 8, 9 and 10. These vulnerabilities may allow a remote unprivileged user who controls a website that is visited by a local user using the Mozilla browser, or in some cases by sending an email that is read by a local user using Mozilla, to execute arbitrary code with the privileges of the user running Mozilla.
Mozilla can be used as a web browser and editor, an irc client, an email client and a news client.
For Mozilla 1.7 (Solaris 8, 9, and 10):
Bug 6415123
Mozilla contains a flaw within the "crypto.generateCRMFRequest" method which may allow a remote user to execute arbitrary code with the privileges of the local user, including the installation of unknown software.
This issue is described in the following documents:
http://www.mozilla.org/security/announce/mfsa2006-24.html
CERT VU# 932734 at http://www.kb.cert.org/vuls/id/932734
CVE-2006-1728 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1728
Bug 6447020
Web content could access the nsISelectionPrivate interface of the "Selection" object and use it to add a SelectionListener. The listener would be called when the user did a "Find" on the page or a "select all". These notifications created in a privileged environment could result in arbitrary code execution.
This issue is described in the following documents:
http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
CERT VU# 237257 at http://www.kb.cert.org/vuls/id/237257
CVE-2006-2777 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2777
Bug 6447021
An array index bug in crypto.signText() that results in overflowing an allocated array of pointers by two when optional Certificate Authority name arguments are passed in.
This issue is described in the following documents:
http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
CERT VU#421529 at http://www.kb.cert.org/vuls/id/421529
CVE-2006-2778 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2778
Bug 6458750
A VCard attachment with a malformed base64 field (such as a photo) can trigger a heap buffer overwrite, which can be exploited.
This issue is described in the following documents:
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
CERT VU#897540 at http://www.kb.cert.org/vuls/id/897540
CVE-2006-3804 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3804
Bug 6458753
Potential integer overflow issues with long strings in the toSource() methods of the Object, Array and String objects as well as string function arguments.
This issue is described in the following documents:
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
CERT VU#655892 at http://www.kb.cert.org/vuls/id/655892
CVE-2006-3806 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3806
Bug 6458754
Java script constructors may be changed to return reference to privileged objects which may be used to execute attacker supplied code.
This issue is described in the following documents:
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
CERT VU#687396 at http://www.kb.cert.org/vuls/id/687396
CVE-2006-3807 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3807
Contributing Factors
These issues can occur in the following releases:
SPARC Platform
- Mozilla 1.7 (for Solaris 8 and 9) without patch 120671-03
- Mozilla 1.7 (for Solaris 10) without patch 119115-21
x86 Platform
- Mozilla 1.7 (for Solaris 8 and 9) without patch 120672-03
- Mozilla 1.7 (for Solaris 10) without patch 119116-21
Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. Customers are advised to upgrade to Mozilla 1.7 to remedy these issues.
To determine the version of Mozilla on a Solaris system, the following command can be run:
% /usr/sfw/bin/mozilla -version
Mozilla 1.7, (Sun Java Desktop System), build 2005031721
Symptoms
There are no predictable symptoms that would indicate the described issues have been exploited.
Workaround
Issues pertaining to JavaScript may be worked around by disabling JavaScript. To do this in Mozilla:
- Open the "Preferences" dialog from the Edit menu
- Select the "Advanced" tree
- Select the "Scripts & Plug-ins" leaf
- Uncheck the "Navigator and Mail & Newsgroups" check boxes
- Click the OK button
There is no workaround for those issues mentioned which do not pertain to JavaScript.
Resolution
These issues are addressed in the following releases:
SPARC Platform
- Mozilla 1.7 (for Solaris 8 and 9) with patch 120671-03 or later
- Mozilla 1.7 (for Solaris 10) with patch 119115-21 or later
x86 Platform
- Mozilla 1.7 (for Solaris 8 and 9) with patch 120672-03 or later
- Mozilla 1.7 (for Solaris 10) with patch 119116-21 or later
Modification HistoryDate: 08-JAN-2007
08-Jan-2007:
- Updated Contributing Factors and Resolution sections
Date: 31-JAN-2007
31-Jan-2006:
- Updated Contributing Factors and Resolution sections
Date: 06-FEB-2007
06-Feb-2007:
- Updated Contributing Factors and Resolution sections
- State: Resolved
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
