Note: This is an archival copy of Security Sun Alert 200676 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000531.1.
Article ID : 1000531.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-04-16
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Mozilla 1.7 JavaScript Engine for Solaris

Category
Security

Release Phase
Resolved

Product
Mozilla v1.7
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6458752

Date of Workaround Release
30-MAR-2007

Date of Resolved Release
17-APR-2007

Impact

A security vulnerability related to untimely "garbage collection" in Mozilla 1.7 for Solaris 8, 9 and 10 may result in the deletion of a temporary object that was in active use. This may allow a remote unprivileged user to run arbitrary code with the privileges of the user running Mozilla or create a Denial of Service (DoS) condition.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/mfsa2006-50.html

CVE-2006-3805 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3805

CERT VU# 876420 at http://www.kb.cert.org/vuls/id/876420


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Mozilla 1.7 (for Solaris 8) without patch 120671-05
  • Mozilla 1.7 (for Solaris 9) without patch 120671-05
  • Mozilla 1.7 (for Solaris 10) without patch 119115-25

x86 Platform

  • Mozilla 1.7 (for Solaris 8) without patch 120672-05
  • Mozilla 1.7 (for Solaris 9) without patch 120672-05
  • Mozilla 1.7 (for Solaris 10) without patch 119116-25

Note: Mozilla 1.4 may be vulnerable to this security issue. Customers are advised to upgrade to Mozilla 1.7 to obtain these security fixes.

To determine the version of Mozilla on a Solaris system, the following command can be run:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005031721

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

To work around the described issue, JavaScript can be disabled with the following steps:

  1. Open the "Preferences" dialog from the Edit menu
  2. Select the "Advanced" tree
  3. Select the "Scripts & Plug-ins" leaf
  4. Uncheck the "Navigator and Mail & Newsgroups" check boxes
  5. Click the OK button

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 120671-05 or later
  • Solaris 9 with patch 120671-05 or later
  • Solaris 10 with patch 119115-25 or later

x86 Platform

  • Solaris 8 with patch 120672-05 or later
  • Solaris 9 with patch 120672-05 or later
  • Solaris 10 with patch 119116-25 or later


Modification History
Date: 17-APR-2007
  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

119115-25
119116-25
120671-05
120672-05




Attachments
This solution has no attachment