| Article ID : | 201747 | |
| Article Type : | Sun Alert | |
| Last reviewed : | 2007-04-17 | |
| Audience : | PUBLIC | |
| Keywords : | ||
| Copyright Notice: | Copyright © 2009 Sun Microsystems, Inc. All Rights Reserved | |
Security Vulnerability in the Mozilla js_dtoa() Routine May Result in Denial of Service |
| Category : | Security | |
| Release Phase : | Resolved | |
| Product : | Mozilla v1.7 Solaris 9 Operating System Solaris 10 Operating System Solaris 8 Operating System | |
| Bug Id : | 6508398 | |
| Date of Workaround Release : | 15-MAR-2007 | |
| Date of Resolved Release : | 17-APR-2007 | |
A security vulnerability in the Mozilla (see mozilla(1)) js_dtoa() function may cause the Mozilla application to crash if a user views a web page, mail message, or newsgroup message when certain plugins are installed. The ability of a remote user who creates such a web page, mail message, or newsgroup post to cause the Mozilla application to crash is a type of Denial of Service.
This issue is described in the following documents:
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
CVE-2006-6499 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
CERT VU#427972 at http://www.kb.cert.org/vuls/id/427972
This issue can occur in the following releases:
SPARC Platform
x86 Platform
To determine the version of Mozilla on a Solaris system, the following command can be run:
% /usr/sfw/bin/mozilla -version Mozilla 1.7, (Sun Java Desktop System), build 2005031721
The Mozilla application may crash and write a core(4) file if this issue occurs. A stack trace of the core file (from pstack(1)) would reference the js_dtoa() routine.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
SPARC Platform
x86 Platform
This solution has no attachment
|
|
|
|
|
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |