The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102955 Security Vulnerability in JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10

Guest Author
Product: Mozilla v1.7, Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

The JavaScript Engine in the Mozilla 1.7 application (see mozilla(1)) contains a vulnerability which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).

This issue is described in the following documents:

Note: There are a total of 10 bugzilla bugs listed for CVE 2006-6498. Out of these bugs, only one bug (https://bugzilla.mozilla.org/show_bug.cgi?id=361346) is applicable to Sun Mozilla 1.7. The other 9 bugs are not applicable.

Avoidance: Patch, Workaround
State: Resolved
First released: 07-Jun-2007

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.