
The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 103121 Multiple Memory Corruption Vulnerabilities in Layout Engine for Mozilla 1.7

Guest Author
Product: Mozilla v1.7

The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities. A remote user who is able to create a web page that a local user visits with the Mozilla browser, or who sends a specially crafted email that a local user reads using Mozilla, may be able to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).

The following Mozilla advisory describes four separate memory corruption issues:

http://www.mozilla.org/security/announce/2006/mfsa2006-65.html

This Sun Alert corresponds to two of the issues described in the Mozilla advisory above:

https://bugzilla.mozilla.org/show_bug.cgi?id=307809

https://bugzilla.mozilla.org/show_bug.cgi?id=351328

Also note that Mozilla 1.7 is not affected by the following two vulnerabilities mentioned in the advisory:

https://bugzilla.mozilla.org/show_bug.cgi?id=310267

https://bugzilla.mozilla.org/show_bug.cgi?id=350370

Additional references that describe these issues can be found in the following documents:

CVE-2006-5464 at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5464

CERT VU#495288 at http://www.kb.cert.org/vuls/id/495288

CERT Security Alert TA06-312A at http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Avoidance: Workaround
State: Workaround
First released: 22-Oct-2007
