Note: This is an archival copy of Security Sun Alert 201747 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001287.1.
Article ID : 1001287.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-04-16
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Mozilla js_dtoa() Routine May Result in Denial of Service

Category
Security

Release Phase
Resolved

Product
Mozilla v1.7
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6508398

Date of Workaround Release
15-MAR-2007

Date of Resolved Release
17-APR-2007

Impact

A security vulnerability in the Mozilla (see mozilla(1)) js_dtoa() function may cause the Mozilla application to crash if a user views a web page, mail message, or newsgroup message when certain plugins are installed. The ability of a remote user who creates such a web page, mail message, or newsgroup post to cause the Mozilla application to crash is a type of Denial of Service.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-68.html

CVE-2006-6499 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499

CERT VU#427972 at http://www.kb.cert.org/vuls/id/427972


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Mozilla 1.7 (for Solaris 8) without patch 120671-05
  • Mozilla 1.7 (for Solaris 9) without patch 120671-05
  • Mozilla 1.7 (for Solaris 10) without patch 119115-24

x86 Platform

  • Mozilla 1.7 (for Solaris 8) without patch 120672-05
  • Mozilla 1.7 (for Solaris 9) without patch 120672-05
  • Mozilla 1.7 (for Solaris 10) without patch 119116-24

To determine the version of Mozilla on a Solaris system, the following command can be run:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005031721

Symptoms

The Mozilla application may crash and write a core(4) file if this issue occurs. A stack trace of the core file (from pstack(1)) would reference the js_dtoa() routine.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 120671-05 or later
  • Solaris 9 with patch 120671-05 or later
  • Solaris 10 with patch 119115-24 or later

x86 Platform

  • Solaris 8 with patch 120672-05 or later
  • Solaris 9 with patch 120672-05 or later
  • Solaris 10 with patch 119116-24 or later


Modification History
Date: 17-APR-2007
  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

119116-24
119115-24
120671-05
120672-05




Attachments
This solution has no attachment