Note: This is an archival copy of Security Sun Alert 200092 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000076.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple security vulnerabilities in the Layout Engine in Mozilla 1.7 may allow a remote user who is able to create pages that are viewed with the Mozilla browser to crash the application or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).
These issues are described in the following documents:
CVE-2006-6497 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
CERT VU# 606260 at http://www.kb.cert.org/vuls/id/606260
These issues can occur in the following releases:
Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. Customers are advised to upgrade to Mozilla 1.7 to obtain these security fixes.
To determine the version of Mozilla on a Solaris system, the following command can be run:
% /usr/sfw/bin/mozilla -version Mozilla 1.7, (Sun Java Desktop System), build 2005031721
There are no predictable symptoms that would indicate the described issues have been exploited.
There is no workaround for this issue. Please see the Resolution section below.
These issues are addressed in the following releases:
This solution has no attachment