Note: This is an archival copy of Security Sun Alert 200605 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000467.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
The following Mozilla advisory describes nine separate memory corruption issues:
This Sun Alert corresponds to the following five issues described in the Mozilla advisory above:
FireMenuItemActiveEvent called at unsafe times (Boris Zbarsky):
Potential string class buffer overruns in out-of-memory case (Darin Fisher, Daniel Veditz):
Crashes involving table row and column groups (Jesse Ruderman, Martijn Wargers):
crypto.generateCRMFRequest callback can run on deleted context (shutdown):
Note: Mozilla 1.7 is not affected by the below vulnerabilities mentioned in the advisory:
Crashes referencing removed nodes (Jesse Ruderman, Martijn Wargers):
These issues can occur in the following releases:
Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. Customers are advised to upgrade to Mozilla 1.7 to get the security fixes once they are available.
To determine the version of Mozilla on a Solaris system, the following command can be run:
% /usr/sfw/bin/mozilla -version Mozilla 1.7, (Sun Java Desktop System), build 2005031721
There are no predictable symptoms that would indicate the described issues have been exploited.
This issue is addressed in the following releases:
This solution has no attachment