The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 103136 Multiple Security Vulnerabilities in the Layout Engine in Mozilla 1.7 for Solaris 8, 9 and 10

Guest Author
Product: Mozilla v1.7, Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).

The following Mozilla advisory describes 30 separate issues. Of these issues, 20 affect the Layout engine and are listed under CVE-2007-2867, and 10 affect the JavaScript engine and are listed under CVE-2007-2868:

This Sun Alert corresponds to the 20 Layout engine issues described in the Mozilla advisory under CVE-2007-2867.

Additional references:

Avoidance: Workaround
State: Workaround
First released: 30-Oct-2007

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.