Note: This is an archival copy of Security Sun Alert 201747 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001287.1.

Category: Security
Release Phase: Resolved

Mozilla v1.7
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id: 6508398
Date of Workaround Release: 15-MAR-2007
Date of Resolved Release: 17-APR-2007

Impact

A security vulnerability in the Mozilla (see mozilla(1)) js_dtoa() function may cause the Mozilla application to crash if a user views a web page, mail message, or newsgroup message when certain plugins are installed. The ability of a remote user who creates such a web page, mail message, or newsgroup post to cause the Mozilla application to crash is a type of Denial of Service.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
CVE-2006-6499 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
CERT VU#427972 at http://www.kb.cert.org/vuls/id/427972

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform

To determine the version of Mozilla on a Solaris system, the following command can be run:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005031721

Symptoms

The Mozilla application may crash and write a core(4) file if this issue occurs. A stack trace of the core file (from pstack(1)) would reference the js_dtoa() routine.

Workaround

There is no workaround for this issue. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform

Modification History

Date: 17-APR-2007

References

119116-24
119115-24
120671-05
120672-05

Attachments

This solution has no attachment
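
A triage sketch for the Symptoms and References sections above, added here and not part of the original Sun Alert: it checks a saved pstack(1) listing for a js_dtoa frame and saved `showrev -p` output for a minimum patch revision. The function names and sample inputs are constructed, and treating a patch ID from the References line (119115-24 in the final call) as the revision to require is an assumption, since the per-platform release lists are missing from this copy.

```shell
#!/bin/sh
# Added example, not from the Sun Alert. Sample inputs are constructed.

# Constructed pstack(1)-style listing of a crashed mozilla-bin process.
SAMPLE_PSTACK="core 'core' of 1234: mozilla-bin
 fe8d1a40 js_dtoa (0, 0, 0, 0, 0, 0) + 5c
 00011c3c main (0, 0, 0, 0, 0, 0) + 120
 00011a08 _start (0, 0, 0, 0, 0, 0) + 108"

# Constructed 'showrev -p' style lines; package names are placeholders.
SAMPLE_SHOWREV="Patch: 119115-19 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 120671-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample"

# stdin: pstack listing. Succeeds if any frame names js_dtoa as a whole symbol.
pstack_has_js_dtoa() {
    grep -Eq '(^|[^A-Za-z0-9_])js_dtoa([^A-Za-z0-9_]|$)'
}

# stdin: showrev -p output. $1 = patch base, $2 = minimum revision.
# Succeeds if the patch is installed at that revision or later.
patch_at_least() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, id, "-")
            # "+ 0" forces numeric comparison so that 05 compares as 5
            if (id[1] == base && id[2] + 0 >= min + 0) found = 1
        }
        END { exit !found }'
}

# $1 = pstack text, $2 = showrev text, $3 = patch base, $4 = minimum revision.
# Prints "<patched|unpatched>/<js_dtoa-crash|other-crash>".
triage() {
    if printf '%s\n' "$2" | patch_at_least "$3" "$4"; then p=patched; else p=unpatched; fi
    if printf '%s\n' "$1" | pstack_has_js_dtoa; then c=js_dtoa-crash; else c=other-crash; fi
    echo "$p/$c"
}

# Assumption: 119115-24 (from the References line) is the revision to require.
triage "$SAMPLE_PSTACK" "$SAMPLE_SHOWREV" 119115 24
```

On a live system the two text arguments would come from `pstack core` and `showrev -p`, with the patch ID chosen for that host's platform and release.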