A security vulnerability in the Mozilla (see mozilla(1)) js_dtoa() function may cause the Mozilla application to crash if a user views a web page, mail message, or newsgroup message when certain plugins are installed. The ability of a remote user who creates such a web page, mail message, or newsgroup post to cause the Mozilla application to crash is a type of Denial of Service.

This issue is described in the following documents:

http://www.mozilla.org/security/announce/2006/mfsa2006-68.html

CVE-2006-6499 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499

CERT VU#427972 at http://www.kb.cert.org/vuls/id/427972

This issue can occur in the following releases:

SPARC Platform

• Mozilla 1.7 (for Solaris 8) without patch 120671-05
• Mozilla 1.7 (for Solaris 9) without patch 120671-05
• Mozilla 1.7 (for Solaris 10) without patch 119115-24

x86 Platform

• Mozilla 1.7 (for Solaris 8) without patch 120672-05
• Mozilla 1.7 (for Solaris 9) without patch 120672-05
• Mozilla 1.7 (for Solaris 10) without patch 119116-24

To determine the version of Mozilla on a Solaris system, the following command can be run:

    % /usr/sfw/bin/mozilla -version
    Mozilla 1.7, (Sun Java Desktop System), build 2005031721

The Mozilla application may crash and write a core(4) file if this issue occurs. A stack trace of the core file (from pstack(1)) would reference the js_dtoa() routine.

There is no workaround for this issue. Please see the Resolution section below.

This issue is addressed in the following releases:

SPARC Platform

• Solaris 8 with patch 120671-05 or later
• Solaris 9 with patch 120671-05 or later
• Solaris 10 with patch 119115-24 or later

x86 Platform

• Solaris 8 with patch 120672-05 or later
• Solaris 9 with patch 120672-05 or later
• Solaris 10 with patch 119116-24 or later

• Updated Contributing Factors and Resolution sections
• State: Resolved

This solution has no attachment