Note: This is an archival copy of Security Sun Alert 200676 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000531.1. |
Category Security Release Phase Resolved Mozilla v1.7 Solaris 9 Operating System Solaris 10 Operating System Solaris 8 Operating System Bug Id 6458752 Date of Workaround Release 30-MAR-2007 Date of Resolved Release 17-APR-2007 Impact A security vulnerability related to untimely "garbage collection" in Mozilla 1.7 for Solaris 8, 9 and 10 may result in the deletion of a temporary object that was in active use. This may allow a remote unprivileged user to run arbitrary code with the privileges of the user running Mozilla or create a Denial of Service (DoS) condition. This issue is described in the following documents: http://www.mozilla.org/security/announce/mfsa2006-50.html CVE-2006-3805 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3805 CERT VU# 876420 at http://www.kb.cert.org/vuls/id/876420 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note: Mozilla 1.4 may be vulnerable to this security issue. Customers are advised to upgrade to Mozilla 1.7 to obtain these security fixes. To determine the version of Mozilla on a Solaris system, the following command can be run: % /usr/sfw/bin/mozilla -version Mozilla 1.7, (Sun Java Desktop System), build 2005031721 Symptoms There are no predictable symptoms that would indicate the described issue has been exploited. Workaround To work around the described issue, JavaScript can be disabled with the following steps:
Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Modification History Date: 17-APR-2007
References119115-25119116-25 120671-05 120672-05 Attachments This solution has no attachment |
|