Note: This is an archival copy of Security Sun Alert 200092 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000076.1. |
Category Security Release Phase Resolved Mozilla v1.7 Solaris 9 Operating System Solaris 10 Operating System Solaris 8 Operating System Bug Id 6508395 Date of Workaround Release 18-APR-2007 Date of Resolved Release 23-APR-2007 Impact Multiple security vulnerabilities in the Layout Engine in Mozilla 1.7 may allow a remote user who is able to create pages that are viewed with the Mozilla browser to crash the application or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS). These issues are described in the following documents: http://www.mozilla.org/security/announce/2006/mfsa2006-68.html CVE-2006-6497 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497 CERT VU# 606260 at http://www.kb.cert.org/vuls/id/606260 Contributing Factors These issues can occur in the following releases: SPARC Platform
x86 Platform
Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. Customers are advised to upgrade to Mozilla 1.7 to obtain these security fixes. To determine the version of Mozilla on a Solaris system, the following command can be run: % /usr/sfw/bin/mozilla -version Mozilla 1.7, (Sun Java Desktop System), build 2005031721 Symptoms There are no predictable symptoms that would indicate the described issues have been exploited. Workaround There is no workaround for this issue. Please see the Resolution section below. Resolution These issues are addressed in the following releases: SPARC Platform
x86 Platform
Modification History Date: 23-APR-2007
References120671-05120672-05 119115-26 119116-26 Attachments This solution has no attachment |
|