Note: This is an archival copy of Security Sun Alert 201747 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001287.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability in the Mozilla (see mozilla(1)) js_dtoa() function may cause the Mozilla application to crash if a user views a web page, mail message, or newsgroup message when certain plugins are installed. The ability of a remote user who creates such a web page, mail message, or newsgroup post to cause the Mozilla application to crash is a type of Denial of Service.
This issue is described in the following documents:
CVE-2006-6499 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
CERT VU#427972 at http://www.kb.cert.org/vuls/id/427972
This issue can occur in the following releases:
To determine the version of Mozilla on a Solaris system, the following command can be run:
% /usr/sfw/bin/mozilla -version Mozilla 1.7, (Sun Java Desktop System), build 2005031721
The Mozilla application may crash and write a core(4) file if this issue occurs. A stack trace of the core file (from pstack(1)) would reference the js_dtoa() routine.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment