Multiple Security Vulnerabilities in Mozilla 1.4



Category :Security
Release Phase :Resolved
Product :Solaris 10 Operating System
Sun Java Desktop System Release 2
Mozilla 1.4 for Solaris  
Bug Id :6281360, 6282170, 6282190, 6284465  
Date of Workaround Release :14-OCT-2005 
Date of Resolved Release :31-MAY-2006 


Impact

Multiple security vulnerabilities in certain versions of Mozilla (listed below) may result in one or more of the following issues:

1. A buffer overflow exists that may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user when that local user has loaded an X Bitmap (XBM) format image file or an ICO (Icon Image) image file supplied by an untrusted user or website. [Sun CR 6281360]

This issue is described in the following documents:

2. A security vulnerability may allow a malicious website to crash the Mozilla browser when the user drags an image across multiple windows. [Sun CR 6282190]

This issue is described in the following document:

3. A security vulnerability may allow a malicious website to inject content into a frame. This is known as the "frame injection vulnerability". [Sun CR 6282170]

This issue is described in the following documents:

4. A security vulnerability may allow a malicious website to hang the Mozilla web browser, creating a Denial of Service (DoS), by providing a table with large rowspans or colspans. [Sun CR 6284465]

This issue is described in the following document:


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Mozilla 1.4 downloaded from the Sun Download Center (SDC) (for Solaris 8 and Solaris 9)
  • Solaris 10 without patch 119115-10

x86 Platform

  • Mozilla 1.4 downloaded from the Sun Download Center (SDC) (for Solaris 8 and Solaris 9)
  • Solaris 10 without patch 119116-10

Linux

  • Sun Java Desktop System (JDS) Release 2 without patch 118492-04

Note: Solaris 7 is not affected by these issues.

The described issues only occur with the following Mozilla versions:

  • Mozilla 1.4 downloaded from the Sun Download Center (SDC)
  • Mozilla 1.7 bundled with Solaris 10

Note: Mozilla 1.4 downloaded from the Sun Download Center (SDC) is affected by issues numbered 1, 2, and 4 (Sun CRs 6281360, 6282190, and 6284465) above.

To determine the version of Mozilla installed on a system, the following command can be used:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005082415

To determine the release of JDS for Linux installed on a system, the following command can be used:

    % cat /etc/sun-release    
    Sun Java Desktop System, Release 2 -build 10b (GA)
    Assembled 30 March 2004

To determine the version of Mozilla for Linux, run the following command on JDS:

    % rpm -qf /usr/bin/mozilla
    mozilla-1.4.1-226

 


Symptoms

There are no predictable symptoms that would indicate the described arbitrary code execution issue (item #1 above) or the frame injection vulnerability (item #3 above) have been exploited.


Workaround

To reduce the chances of some of the above issues occurring, turn off "image display" by doing the following:

  1. Select "Preferences" under the browser's "Edit" menu
  2. In the "Preferences" window, select the "Privacy and Security" category
  3. Click on "Images"
  4. From the Images window, select "Do not load any images"
  5. Click "OK"
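The version checks in the Contributing Factors section and the image-display workaround above are both things an administrator would want to verify across many hosts without clicking through the GUI. The following Bourne shell script is an added example, not part of this Sun Alert and not Sun-supplied code. It classifies a Solaris host as affected or not affected from captured output of the commands the alert shows, applying the "patch 119115-10 / 119116-10 or later" rule by comparing the patch revision number rather than looking for an exact string, and it checks whether a Mozilla profile has the workaround applied. It assumes the standard `showrev -p` line format (`Patch: <id>-<rev> Obsoletes: ...`), that `uname -r` reports 5.8, 5.9 or 5.10 for Solaris 8, 9 and 10, and that the "Do not load any images" choice is stored in the profile's prefs.js as `network.image.imageBehavior` set to 2; none of those details are stated in the alert, and all sample output below is constructed.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): offline check of a host's exposure to
# the Mozilla 1.4/1.7 issues and of the "do not load images" workaround.

# --- constructed sample inputs (not captured from a real system) -------------
SAMPLE_VERSION_LINE='Mozilla 1.7, (Sun Java Desktop System), build 2005082415'
# showrev -p style listing with the Mozilla patch at a revision later than -10
SAMPLE_SHOWREV_PATCHED='Patch: 100001-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 119115-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'
# same host with only an older revision of the Mozilla patch installed
SAMPLE_SHOWREV_UNPATCHED='Patch: 100001-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 119115-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'
# prefs.js fragments; the pref name is an assumption, see the lead-in
SAMPLE_PREFS_BLOCKED='user_pref("browser.startup.homepage", "about:blank");
user_pref("network.image.imageBehavior", 2);'
SAMPLE_PREFS_DEFAULT='user_pref("browser.startup.homepage", "about:blank");'

# Extract major.minor from a "mozilla -version" line: "Mozilla 1.7, (...)" -> 1.7
mozilla_version() {
    printf '%s\n' "$1" | sed -n 's/^Mozilla \([0-9]*\.[0-9]*\).*/\1/p'
}

# True if the showrev -p listing ($1) contains patch $2 (e.g. 119115-10) at the
# same or a later revision, i.e. implements "119115-10 or later".
has_patch() {
    base=${2%-*}
    need=${2#*-}
    printf '%s\n' "$1" | awk -v b="$base" -v n="$need" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == b && p[2] + 0 >= n + 0) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Classify per the alert's Contributing Factors / Resolution sections.
# $1 platform (sparc|i386), $2 mozilla -version line, $3 showrev -p output,
# $4 uname -r output.  Prints affected, not-affected or unknown.
solaris_status() {
    plat=$1
    ver=$(mozilla_version "$2")
    patches=$3
    rel=$4
    case "$plat" in
        sparc) patch=119115-10 ;;
        i386)  patch=119116-10 ;;
        *)     echo unknown; return 0 ;;
    esac
    case "$rel:$ver" in
        5.7:*)            echo not-affected ;;   # alert: Solaris 7 not affected
        5.8:1.4|5.9:1.4)  echo affected ;;       # SDC Mozilla 1.4: issues 1, 2 and 4
        5.8:1.7|5.9:1.7)  echo not-affected ;;   # SDC Mozilla 1.7 is the fixed release
        5.10:1.7)         if has_patch "$patches" "$patch"; then
                              echo not-affected   # bundled 1.7 with 1191xx-10 or later
                          else
                              echo affected       # bundled 1.7 without the patch
                          fi ;;
        *)                echo unknown ;;
    esac
}

# True if a prefs.js body ($1) has the workaround ("Do not load any images").
images_blocked() {
    printf '%s\n' "$1" | grep -q '^user_pref("network.image.imageBehavior", *2);'
}

# Demonstration on the constructed samples; on a real host feed in
# "$(/usr/sfw/bin/mozilla -version)", "$(showrev -p)" and "$(uname -r)".
echo "unpatched Solaris 10 sparc: $(solaris_status sparc "$SAMPLE_VERSION_LINE" "$SAMPLE_SHOWREV_UNPATCHED" 5.10)"
echo "patched   Solaris 10 sparc: $(solaris_status sparc "$SAMPLE_VERSION_LINE" "$SAMPLE_SHOWREV_PATCHED" 5.10)"
if images_blocked "$SAMPLE_PREFS_BLOCKED"; then echo "workaround applied"; fi
```

The revision comparison is the part worth keeping: a grep for the literal string "119115-10" would report a host carrying 119115-12 as unpatched, while a host with 119115-08 must still be reported as affected.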

Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Mozilla 1.7 SDC (for Solaris 8 and Solaris 9)
  • Solaris 10 with patch 119115-10 or later

x86 Platform

  • Mozilla 1.7 SDC (for Solaris 8 and Solaris 9)
  • Solaris 10 with patch 119116-10 or later

Linux Platform

  • Sun Java Desktop System (JDS) Release 2 with patch 118492-04 or later

Mozilla 1.7 for Solaris 8 and Solaris 9 is available for download at: http://www.sun.com/software/solaris/browser/getmozilla17.xml

The JDS Linux patch 118492-04 is available at:

http://wwwa.sun.com/services/jds-entitlement/




Modification History


Date: 17-OCT-2005
  • Updated Impact section

Date: 31-MAY-2006
  • State: Resolved
  • Updated Contributing Factors and Resolution sections

Date: 09-JUN-2006
  • Updated Product field



Attachments
This solution has no attachment

Article Details
Article ID : 200405
Article Type : Sun Alert
Last reviewed : 2007-03-05
Audience : PUBLIC
Keywords :