Note: This is an archival copy of Security Sun Alert 201386 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001059.1.

Category: Security
Release Phase: Resolved
Mozilla v1.7, Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Bug Id: 6447022, 6508400
Date of Workaround Release: 12-FEB-2007
Date of Resolved Release: 10-APR-2007

Impact

Security vulnerabilities are present in the mail client and the browser components of Mozilla 1.7 (for Solaris 8, 9 and 10). (Mozilla can be used as a web browser and editor, an IRC client, an email client and a news client.) These vulnerabilities may allow a remote unprivileged user who either controls a website that is visited by a local user using the Mozilla browser or sends an email that is read by a local user using Mozilla to execute arbitrary code with the privileges of the user running Mozilla.

BugID 6447022 - For Mozilla 1.7: This issue is described in the following documents:
BugID 6508400 - For Mozilla 1.7: This issue is described in the following documents:

Contributing Factors

These issues can occur in the following releases:

SPARC Platform
x86 Platform
Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. Customers are advised to upgrade to Mozilla 1.7 to get these security fixes.

To determine the version of Mozilla on a Solaris system, the following command can be run:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005031721

Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.

Workaround

BugID 6508400: There is no workaround for this issue.

BugID 6447022: To work around this issue, disable JavaScript in Mozilla mail by doing the following:

Resolution

These issues are addressed in the following releases:

SPARC Platform
x86 Platform

Modification History

Date: 23-FEB-2007
Date: 10-APR-2007
Date: 13-APR-2007

References

119116-23
119115-23
120671-05
120672-04

Attachments

This solution has no attachment