Note: This is an archival copy of Security Sun Alert 200676 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000531.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability related to untimely "garbage collection" in Mozilla 1.7 for Solaris 8, 9 and 10 may result in the deletion of a temporary object that was in active use. This may allow a remote unprivileged user to run arbitrary code with the privileges of the user running Mozilla or create a Denial of Service (DoS) condition.
This issue is described in the following documents:
CVE-2006-3805 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3805
CERT VU# 876420 at http://www.kb.cert.org/vuls/id/876420
This issue can occur in the following releases:
Note: Mozilla 1.4 may be vulnerable to this security issue. Customers are advised to upgrade to Mozilla 1.7 to obtain these security fixes.
To determine the version of Mozilla on a Solaris system, the following command can be run:
% /usr/sfw/bin/mozilla -version Mozilla 1.7, (Sun Java Desktop System), build 2005031721
There are no predictable symptoms that would indicate the described issue has been exploited.
This issue is addressed in the following releases:
This solution has no attachment