Note: This is an archival copy of Security Sun Alert 200405 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000290.1.
Article ID : 1000290.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-03-04
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in Mozilla 1.4



Category
Security

Release Phase
Resolved

Product
Solaris 10 Operating System
Sun Java Desktop System Release 2
Mozilla 1.4 for Solaris

Bug Id
6281360, 6282170, 6282190, 6284465

Date of Workaround Release
14-OCT-2005

Date of Resolved Release
31-MAY-2006

Impact

Multiple security vulnerabilities in certain versions of Mozilla (listed below), may result in one or more of the following issues:

1. A buffer overflow exists that may allow a remote unprivileged user the ability to execute arbitrary code with the privileges of a local user when that local user has loaded an X Bitmap (XBM) format image file or an ICO (Icon Image) image file supplied by an untrusted user or website. [Sun CR 6281360]

This issue is described in the following documents:

2. A security vulnerability may allow a malicious website to crash the Mozilla browser when the user drags an image across multiple windows. [Sun CR 6282190]

This issue is described in the following document:

3. A security vulnerability may allow a malicious website to inject content into a frame. This is known as the "frame injection vulnerability". [Sun CR 6282170]

This issue is described in the following documents:

4. A security vulnerability may allow a malicious website to hang the Mozilla web browser creating a Denial of Service (DoS) by providing a table with large rowspans or colspans. [Sun CR 6284465]

This issue is described in the following document:


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Mozilla 1.4 downloaded from the Sun Download Center (SDC) (for Solaris 8 and Solaris 9)
  • Solaris 10 without patch 119115-10

x86 Platform

  • Mozilla 1.4 downloaded from the Sun Download Center (SDC) (for Solaris 8 and Solaris 9)
  • Solaris 10 without patch 119116-10

Linux

  • Sun Java Desktop System (JDS) Release 2 without patch 118492-04

Note: Solaris 7 is not affected by these issues.

The described issues only occur with the following Mozilla versions:

  • Mozilla 1.4 downloaded from the Sun Download Center (SDC)
  • Mozilla 1.7 bundled with Solaris 10

Note: Mozilla 1.4 downloaded from the Sun Download Center (SDC) is affected by issues numbered 1, 2, and 4 (Sun CRs 6281360, 6282190, and 6284465) above.

To determine the version of Mozilla installed on a system, the following command can be used:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005082415

To determine the release of JDS for Linux installed on a system, the following command can be used:

    % cat /etc/sun-release
    Sun Java Desktop System, Release 2 -build 10b (GA)
    Assembled 30 March 2004

To determine the version of Mozilla for Linux, run the following command on JDS:

    % rpm -qf /usr/bin/mozilla
    mozilla-1.4.1-226

 


Symptoms

There are no predictable symptoms that would indicate the described arbitrary code execution issue (item #1 above) or the frame injection vulnerability (item #3 above) have been exploited.


Workaround

To reduce the chances of some of the above issues from occurring, turn off "image display" by doing the following:

  1. Select "Preferences" under the browser's "Edit" menu
  2. In the "Preferences" window, select the "Privacy and Security" category
  3. Click on "Images"
  4. From the Images window, select "Do not load any images"
  5. Click "ok"

Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Mozilla 1.7 SDC (for Solaris 8 and Solaris 9)
  • Solaris 10 with patch 119115-10 or later

x86 Platform

  • Mozilla 1.7 SDC (for Solaris 8 and Solaris 9)
  • Solaris 10 with patch 119116-10 or later

Linux Platform

  • Sun Java Desktop System (JDS) Release 2 with patch 118492-04 or later

Mozilla 1.7 for solaris 8 and Solaris 9 is available for download at: http://www.sun.com/software/solaris/browser/getmozilla17.xml 

The JDS Linux patch 118492-04 is available at:

http://wwwa.sun.com/services/jds-entitlement/



Modification History
Date: 17-OCT-2005
  • Updated Impact section

Date: 31-MAY-2006
  • State: Resolved
  • Updated Contributing Factors and Resolution sections

Date: 09-JUN-2006
  • Updated Product field


References

119115-10




Attachments
This solution has no attachment