Note: This is an archival copy of Security Sun Alert 200405 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000290.1.
Category: Security
Release Phase: Resolved
Product: Solaris 10 Operating System; Sun Java Desktop System Release 2; Mozilla 1.4 for Solaris
Bug Id: 6281360, 6282170, 6282190, 6284465
Date of Workaround Release: 14-OCT-2005
Date of Resolved Release: 31-MAY-2006

Impact

Multiple security vulnerabilities in certain versions of Mozilla (listed below) may result in one or more of the following issues:

1. A buffer overflow may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user when that local user loads an X Bitmap (XBM) image file or an ICO (icon) image file supplied by an untrusted user or website. [Sun CR 6281360] This issue is described in the following documents:

2. A malicious website may crash the Mozilla browser when the user drags an image across multiple windows. [Sun CR 6282190] This issue is described in the following document:

3. A malicious website may inject content into a frame. This is known as the "frame injection vulnerability". [Sun CR 6282170] This issue is described in the following documents:

4. A malicious website may hang the Mozilla web browser, creating a Denial of Service (DoS), by providing a table with very large rowspan or colspan values. [Sun CR 6284465] This issue is described in the following document:

Contributing Factors

These issues can occur in the following releases:

SPARC Platform

x86 Platform

Linux

Note: Solaris 7 is not affected by these issues.

The described issues only occur with the following Mozilla versions:

Note: Mozilla 1.4 downloaded from the Sun Download Center (SDC) is affected by issues 1, 2, and 4 (Sun CRs 6281360, 6282190, and 6284465) above.

To determine the version of Mozilla installed on a Solaris system, use the following command:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005082415

To determine the release of JDS for Linux installed on a system, use the following command:

    % cat /etc/sun-release
    Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004

To determine the version of Mozilla for Linux, run the following command on JDS:

    % rpm -qf /usr/bin/mozilla
    mozilla-1.4.1-226
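The three checks above produce free-form strings that an administrator has to compare by eye across many hosts. The script below is an added example, not part of Sun Alert 200405 and not a Sun or Oracle tool: it parses the banner from `/usr/sfw/bin/mozilla -version`, the RPM name from `rpm -qf /usr/bin/mozilla` and the release line from `/etc/sun-release`, and flags a 1.4.x Mozilla build, the case the advisory's note explicitly names as affected. Because the advisory's full list of affected versions did not survive this archival copy, every other version is reported as "check" (compare against the Resolution section) rather than as safe; that conservative rule, and the sample strings, which are constructed from the advisory's own output examples, are this example's assumptions.

```shell
#!/bin/sh
# Added example; not part of Sun Alert 200405 or any Sun/Oracle tool.
# Parses the version strings the advisory tells you to collect and flags a
# 1.4.x Mozilla build, which the advisory's note names as affected.
# The sample strings below are constructed from the advisory's own output
# examples so the script runs offline; on a live host replace them with the
# real command output (see the usage note).

# Print "major.minor" from either the banner printed by
# "/usr/sfw/bin/mozilla -version" ("Mozilla 1.7, (Sun Java Desktop ...)")
# or the RPM name printed by "rpm -qf /usr/bin/mozilla" ("mozilla-1.4.1-226").
mozilla_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[Mm]ozilla[ -]\{1,\}\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print the JDS release number from the /etc/sun-release line
# ("Sun Java Desktop System, Release 2 -build 10b ...").
jds_release() {
    printf '%s\n' "$1" | sed -n 's/.*Release \([0-9][0-9]*\).*/\1/p'
}

# Classify a Mozilla version string. Assumption: the advisory's list of
# affected versions is not available in this copy, so only the case it
# states explicitly (Mozilla 1.4 / mozilla-1.4.1-226) is reported as
# "affected"; any other parsed version is reported as "check", meaning
# compare it against the advisory's Resolution section (patch 119115-10,
# JDS Linux patch 118492-04, Mozilla 1.7 download) rather than assume safe.
classify() {
    case "$(mozilla_version "$1")" in
        1.4) echo affected ;;
        '')  echo unparsed ;;
        *)   echo check ;;
    esac
}

# Constructed sample output, copied from the advisory's examples.
SOLARIS_BANNER='Mozilla 1.7, (Sun Java Desktop System), build 2005082415'
JDS_RELEASE_LINE='Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004'
JDS_RPM='mozilla-1.4.1-226'

# Summarise both hosts in one line each.
report() {
    printf 'Solaris Mozilla %s: %s\n' \
        "$(mozilla_version "$SOLARIS_BANNER")" "$(classify "$SOLARIS_BANNER")"
    printf 'JDS Linux Release %s, Mozilla %s: %s\n' \
        "$(jds_release "$JDS_RELEASE_LINE")" \
        "$(mozilla_version "$JDS_RPM")" "$(classify "$JDS_RPM")"
}

report
```

On a live host, set `SOLARIS_BANNER=$(/usr/sfw/bin/mozilla -version)`, `JDS_RELEASE_LINE=$(cat /etc/sun-release)` and `JDS_RPM=$(rpm -qf /usr/bin/mozilla)` before calling `report`; the sed patterns only need the leading "Mozilla"/"mozilla" token and a dotted version, so minor build-string differences do not break them, and an empty result is reported as "unparsed" instead of silently passing.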
Symptoms

There are no predictable symptoms that would indicate the arbitrary code execution issue (item 1 above) or the frame injection vulnerability (item 3 above) has been exploited.

Workaround

To reduce exposure to the image-based issues (items 1 and 2 above; this does not address items 3 and 4), turn off "image display" by doing the following:
Resolution

These issues are addressed in the following releases:

SPARC Platform

x86 Platform

Linux Platform

Mozilla 1.7 for Solaris 8 and Solaris 9 is available for download at:
http://www.sun.com/software/solaris/browser/getmozilla17.xml

The JDS Linux patch 118492-04 is available at:
http://wwwa.sun.com/services/jds-entitlement/

Modification History

Date: 17-OCT-2005

Date: 31-MAY-2006

Date: 09-JUN-2006

References

119115-10

Attachments

This solution has no attachment