Jump to content

Mozilla products

N1K

By N1K
in Software Hangout

 Share

Recommended Posts

N1K

N1K

Posted
Posted

National Cyber Alert System

Technical Cyber Security Alert TA06-038A

Multiple Vulnerabilities in Mozilla Products

Original release date: February 7, 2006

Last revised: --

Source: US-CERT

Systems Affected

Mozilla software, including the following, is affected:

* Mozilla web browser, email and newsgroup client

* Mozilla SeaMonkey

* Firefox web browser

* Thunderbird email client

Overview

Several vulnerabilities exist in the Mozilla web browser and derived

products, the most serious of which could allow a remote attacker to

execute arbitrary code on an affected system.

I. Description

Several vulnerabilities have been reported in the Mozilla web browser

and derived products. More detailed information is available in the

individual vulnerability notes, including:

VU#592425 - Mozilla-based products fail to validate user input to the

attribute name in "XULDocument.persist"

A vulnerability in some Mozilla products that could allow a remote

attacker to execute Javascript commands with the permissions of the

user running the affected application.

(CVE-2006-0296)

VU#759273 - Mozilla QueryInterface memory corruption vulnerability

Mozilla Firefox web browser and Thunderbird mail client contain a

memory corruption vulnerability that may allow a remote attacker to

execute arbitrary code.

(CVE-2006-0295)

II. Impact

The most severe impact of these vulnerabilities could allow a remote

attacker to execute arbitrary code with the privileges of the user

running the affected application. Other impacts include a denial of

service or local information disclosure.

III. Solution

Upgrade

Upgrade to Mozilla Firefox 1.5.0.1 or SeaMonkey 1.0.

For Mozilla-based products that have no updates available, users are

strongly encouraged to disable JavaScript.

Appendix A. References

* Mozilla Foundation Security Advisories -

<http://www.mozilla.org/security/announce/>

* Mozilla Foundation Security Advisories -

<http://www.mozilla.org/projects/security/known-vulnerabilities.ht

ml>

* US-CERT Vulnerability Note VU#592425 -

<http://www.kb.cert.org/vuls/id/592425>

* US-CERT Vulnerability Note VU#759273 -

<http://www.kb.cert.org/vuls/id/759273>

* US-CERT Vulnerability Notes Related to February Mozilla Security

Advisories -

<http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_feb_200

6>

* US-CERT Vulnerability Note VU#604745 -

<http://www.kb.cert.org/vuls/id/604745>

* CVE-2006-0296 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296>

* CVE-2006-0295 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0295>

* Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>

* The SeaMonkey Project -

<http://www.mozilla.org/projects/seamonkey/>


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...