Note: This is an archival copy of Security Sun Alert 200630 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000492.1.
Article ID : 1000492.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-02-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in Mozilla 1.7 for Solaris 8, 9, and 10



Category
Security

Release Phase
Resolved

Product
Mozilla v1.7
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6415123, 6447020, 6447021, 6458750, 6458753, 6458754

Date of Workaround Release
04-JAN-2007

Date of Resolved Release
06-FEB-2007

Impact

Multiple security vulnerabilities are present in Mozilla version 1.7 for Solaris 8, 9 and 10. These vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of the user running Mozilla, either by controlling a website that a local user visits with the Mozilla browser or, in some cases, by sending an email that a local user reads with Mozilla.

Mozilla can be used as a web browser and editor, an IRC client, an email client and a news client.

For Mozilla 1.7 (Solaris 8, 9, and 10):

Bug 6415123

Mozilla contains a flaw within the "crypto.generateCRMFRequest" method which may allow a remote user to execute arbitrary code with the privileges of the local user, including the installation of unknown software.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/mfsa2006-24.html

CERT VU# 932734 at http://www.kb.cert.org/vuls/id/932734

CVE-2006-1728 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1728

 

Bug 6447020

Web content could access the nsISelectionPrivate interface of the "Selection" object and use it to add a SelectionListener. The listener would be called when the user did a "Find" on the page or a "select all". These notifications, created in a privileged environment, could result in arbitrary code execution.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-43.html

CERT VU# 237257 at http://www.kb.cert.org/vuls/id/237257

CVE-2006-2777 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2777

 

Bug 6447021

An array index bug in crypto.signText() results in overflowing an allocated array of pointers by two when optional Certificate Authority name arguments are passed in.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-38.html

CERT VU#421529 at http://www.kb.cert.org/vuls/id/421529

CVE-2006-2778 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2778

 

Bug 6458750

A VCard attachment with a malformed base64 field (such as a photo) can trigger a heap buffer overwrite, which can be exploited.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-49.html

CERT VU#897540 at http://www.kb.cert.org/vuls/id/897540

CVE-2006-3804 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3804

 

Bug 6458753

Potential integer overflow issues exist with long strings in the toSource() methods of the Object, Array and String objects, as well as in string function arguments.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-50.html

CERT VU#655892 at http://www.kb.cert.org/vuls/id/655892

CVE-2006-3806 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3806

 

Bug 6458754

JavaScript constructors may be changed to return references to privileged objects, which may be used to execute attacker-supplied code.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-51.html

CERT VU#687396 at http://www.kb.cert.org/vuls/id/687396

CVE-2006-3807 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3807


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Mozilla 1.7 (for Solaris 8 and 9) without patch 120671-03
  • Mozilla 1.7 (for Solaris 10) without patch 119115-21

x86 Platform

  • Mozilla 1.7 (for Solaris 8 and 9) without patch 120672-03
  • Mozilla 1.7 (for Solaris 10) without patch 119116-21

Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. Customers are advised to upgrade to Mozilla 1.7 to remedy these issues.

To determine the version of Mozilla on a Solaris system, the following command can be run:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005031721

Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

Issues pertaining to JavaScript may be worked around by disabling JavaScript. To do this in Mozilla:

  1. Open the "Preferences" dialog from the Edit menu
  2. Select the "Advanced" tree
  3. Select the "Scripts & Plug-ins" leaf
  4. Uncheck the "Navigator" and "Mail & Newsgroups" check boxes
  5. Click the OK button

There is no workaround for those issues mentioned which do not pertain to JavaScript.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Mozilla 1.7 (for Solaris 8 and 9) with patch 120671-03 or later
  • Mozilla 1.7 (for Solaris 10) with patch 119115-21 or later

x86 Platform

  • Mozilla 1.7 (for Solaris 8 and 9) with patch 120672-03 or later
  • Mozilla 1.7 (for Solaris 10) with patch 119116-21 or later
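
The patch levels listed above can be checked against a host's installed-patch listing. The script below is an added example, not part of the original Sun Alert: it assumes the `Patch: <id>-<rev> ...` line format printed by `showrev -p`, uses function names chosen here for illustration, and does not follow "Obsoletes" chains to patches with a different base ID.

```shell
#!/bin/sh
# Added example: map a host to the fixed patch named in this alert and check
# `showrev -p` style output for it. Sample data below is constructed.

# Fixed patch per platform and release (values from the Resolution section).
required_patch() {  # $1 = uname -p (sparc|i386), $2 = uname -r (5.8|5.9|5.10)
    case "$1:$2" in
        sparc:5.8|sparc:5.9) echo 120671-03 ;;
        sparc:5.10)          echo 119115-21 ;;
        i386:5.8|i386:5.9)   echo 120672-03 ;;
        i386:5.10)           echo 119116-21 ;;
        *) return 1 ;;
    esac
}

# Reads a patch listing on stdin; succeeds if patch base $1 is at revision >= $2.
# Revisions are compared numerically, so "-03" and "-3" are equivalent.
patch_at_least() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 >= min + 0) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Usage on a Solaris host:
#   showrev -p | mozilla_patch_status "$(uname -p)" "$(uname -r)"
mozilla_patch_status() {
    req=$(required_patch "$1" "$2") || { echo "unknown"; return 2; }
    if patch_at_least "${req%-*}" "${req#*-}"; then
        echo "patched"
    else
        echo "vulnerable (needs $req or later)"
        return 1
    fi
}

# Constructed sample listings in the `showrev -p` line format (999999-01 is a placeholder).
SAMPLE_OLD='Patch: 119115-19 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWmozilla
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'
SAMPLE_NEW='Patch: 119115-19 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWmozilla
Patch: 119115-23 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWmozilla'

printf '%s\n' "$SAMPLE_OLD" | mozilla_patch_status sparc 5.10 || true
printf '%s\n' "$SAMPLE_NEW" | mozilla_patch_status sparc 5.10 || true
```

The result only matters on hosts where Mozilla 1.7 is actually installed; confirm that first with the `mozilla -version` command shown under Contributing Factors.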


Modification History
Date: 08-JAN-2007

08-Jan-2007:

  • Updated Contributing Factors and Resolution sections

Date: 31-JAN-2007

31-Jan-2006:

  • Updated Contributing Factors and Resolution sections

Date: 06-FEB-2007

06-Feb-2007:

  • Updated Contributing Factors and Resolution sections
  • State: Resolved 


References

119115-21
119116-21
120671-03
120672-03



