incisor
18th April 2006, 05:48 PM
National Cyber Alert System
Technical Cyber Security Alert TA06-107A
Mozilla Products Contain Multiple Vulnerabilities
Original release date: April 17, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Mozilla web browser, email and newsgroup client
* Mozilla SeaMonkey
* Firefox web browser
* Thunderbird email client
* Mozilla Suite
Any products based on Mozilla components, particularly Gecko may also
be affected.
Overview
The Mozilla web browser and derived products contain several
vulnerabilities, the most serious of which could allow a remote
attacker to execute arbitrary code on an affected system.
I. Description
Several vulnerabilities have been reported in the Mozilla web browser
and derived products. More detailed information is available in the
individual vulnerability notes, including:
VU#932734 - Mozilla crypto.generateCRMFRequest() vulnerability
A vulnerability exists in the Mozilla JavaScript routine
generateCRMFRequest() that may allow a remote attacker to execute
arbitrary code.
(CVE-2006-1728)
VU#968814 - Mozilla JavaScript security bypass vulnerability
Mozilla products fail to properly enforce security restrictions in
JavaScript. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code.
(CVE-2006-1726)
VU#179014 - Mozilla CSS integer overflow vulnerability
Mozilla products contain an integer overflow that could allow a
remote, unauthenticated attacker to execute arbitrary code.
(CVE-2006-1730)
VU#488774 - Mozilla XBL binding vulnerability
Mozilla products fail to properly restrict access to privileged XBL
bindings. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code.
(CVE-2006-1733)
VU#842094 - Mozilla JavaScript cloned parent vulnerability
Mozilla products fail to properly restrict access to a JavaScript
functions cloned parent. This vulnerability may allow a remote
attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-1734)
VU#813230 - Mozilla products vulnerable to privilege escalation via
XBL.method.eval
A vulnerability in the way Mozilla products and derivative programs
handle certain XBL methods could allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-1735)
VU#736934 - Mozilla products vulnerable to memory corruption via a
particular sequence of HTML tags
A vulnerability in the way Mozilla products and derivative programs
handle certain HTML tags could allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-0749)
VU#935556 - Mozilla products may allow CSS border-rendering code to
write past the end of an array
A vulnerability in the way Mozilla products and derivative programs
handle certain CSS methods could allow a remote attacker to crash the
application or execute arbitrary code on a vulnerable system.
(CVE-2006-1739)
VU#350262 - Mozilla DHTML memory corruption vulnerabilities
Mozilla products contain to multiple, unspecified vulnerabilities in
the way they handle DHTML. These vulnerabilities may allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
(CVE-2006-1724)
VU#252324 - Mozilla display style vulnerability
Mozilla products contain an unspecified vulnerability in the way they
handle display styles. This vulnerability may allow a remote attacker
to execute arbitrary code or cause a denial-of-service condition.
VU#329500 - Mozilla products vulnerable to memory corruption via large
regular expression in JavaScript
A vulnerability in the way the JavaScript engine of Mozilla products
and derivative programs handles a large regular expression could allow
a remote attacker to crash the application or execute arbitrary code
on a vulnerable system.
II. Impact
The most severe impact of these vulnerabilities could allow a remote
attacker to execute arbitrary code with the privileges of the user
running the affected application. Other effects include a denial of
service or local information disclosure.
III. Solution
Upgrade
Upgrade to Mozilla Firefox 1.5.0.2, Mozilla Thunderbird 1.5.0.2, or
SeaMonkey 1.0.1. According to Mozilla.org, Thunderbird 1.5.0.2 is
to be released on April 18, 2006.
Users are strongly encourages to apply the workarounds described in
the individual vulnerability notes until updates can be applied.
Appendix A. References
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/projects/security/known-vulnerabilities.ht
ml>
* US-CERT Vulnerability Note VU#932734 -
<http://www.kb.cert.org/vuls/id/932734>
* US-CERT Vulnerability Note VU#968814 -
<http://www.kb.cert.org/vuls/id/968814>
* US-CERT Vulnerability Note VU#179014 -
<http://www.kb.cert.org/vuls/id/179014>
* US-CERT Vulnerability Note VU#488774 -
<http://www.kb.cert.org/vuls/id/488774>
* US-CERT Vulnerability Note VU#842094 -
<http://www.kb.cert.org/vuls/id/842094>
* US-CERT Vulnerability Note VU#813230 -
<http://www.kb.cert.org/vuls/id/813230>
* US-CERT Vulnerability Note VU#736934 -
<http://www.kb.cert.org/vuls/id/736934>
* US-CERT Vulnerability Note VU#935556 -
<http://www.kb.cert.org/vuls/id/935556>
* US-CERT Vulnerability Note VU#350262 -
<http://www.kb.cert.org/vuls/id/350262>
* US-CERT Vulnerability Note VU#252324 -
<http://www.kb.cert.org/vuls/id/252324>
* US-CERT Vulnerability Note VU#329500 -
<http://www.kb.cert.org/vuls/id/329500>
* US-CERT Vulnerability Notes Related to April Mozilla Security
Advisories -
<http://www.kb.cert.org/vuls/byid'searchview&query=mozilla_April_2
006>
* CVE-2006-1726 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1726>
* CVE-2006-1728 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728>
* CVE-2006-1730 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730>
* CVE-2006-1733 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733>
* CVE-2006-1734 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734>
* CVE-2006-1735 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735>
* CVE-2006-0749 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749>
* CVE-2006-1739 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739>
* CVE-2006-1724 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724>
* Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>
* Thunderbird - Reclaim your inbox -
<http://www.mozilla.com/thunderbird/>
* The SeaMonkey Project -
<http://www.mozilla.org/projects/seamonkey/>
* Mozilla Suite - The All-in-One Internet Application Suite -
<http://www.mozilla.org/products/mozilla1.x/>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/browser_secu
rity.html#Mozilla_Firefox>
Technical Cyber Security Alert TA06-107A
Mozilla Products Contain Multiple Vulnerabilities
Original release date: April 17, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Mozilla web browser, email and newsgroup client
* Mozilla SeaMonkey
* Firefox web browser
* Thunderbird email client
* Mozilla Suite
Any products based on Mozilla components, particularly Gecko may also
be affected.
Overview
The Mozilla web browser and derived products contain several
vulnerabilities, the most serious of which could allow a remote
attacker to execute arbitrary code on an affected system.
I. Description
Several vulnerabilities have been reported in the Mozilla web browser
and derived products. More detailed information is available in the
individual vulnerability notes, including:
VU#932734 - Mozilla crypto.generateCRMFRequest() vulnerability
A vulnerability exists in the Mozilla JavaScript routine
generateCRMFRequest() that may allow a remote attacker to execute
arbitrary code.
(CVE-2006-1728)
VU#968814 - Mozilla JavaScript security bypass vulnerability
Mozilla products fail to properly enforce security restrictions in
JavaScript. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code.
(CVE-2006-1726)
VU#179014 - Mozilla CSS integer overflow vulnerability
Mozilla products contain an integer overflow that could allow a
remote, unauthenticated attacker to execute arbitrary code.
(CVE-2006-1730)
VU#488774 - Mozilla XBL binding vulnerability
Mozilla products fail to properly restrict access to privileged XBL
bindings. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code.
(CVE-2006-1733)
VU#842094 - Mozilla JavaScript cloned parent vulnerability
Mozilla products fail to properly restrict access to a JavaScript
functions cloned parent. This vulnerability may allow a remote
attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-1734)
VU#813230 - Mozilla products vulnerable to privilege escalation via
XBL.method.eval
A vulnerability in the way Mozilla products and derivative programs
handle certain XBL methods could allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-1735)
VU#736934 - Mozilla products vulnerable to memory corruption via a
particular sequence of HTML tags
A vulnerability in the way Mozilla products and derivative programs
handle certain HTML tags could allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-0749)
VU#935556 - Mozilla products may allow CSS border-rendering code to
write past the end of an array
A vulnerability in the way Mozilla products and derivative programs
handle certain CSS methods could allow a remote attacker to crash the
application or execute arbitrary code on a vulnerable system.
(CVE-2006-1739)
VU#350262 - Mozilla DHTML memory corruption vulnerabilities
Mozilla products contain to multiple, unspecified vulnerabilities in
the way they handle DHTML. These vulnerabilities may allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
(CVE-2006-1724)
VU#252324 - Mozilla display style vulnerability
Mozilla products contain an unspecified vulnerability in the way they
handle display styles. This vulnerability may allow a remote attacker
to execute arbitrary code or cause a denial-of-service condition.
VU#329500 - Mozilla products vulnerable to memory corruption via large
regular expression in JavaScript
A vulnerability in the way the JavaScript engine of Mozilla products
and derivative programs handles a large regular expression could allow
a remote attacker to crash the application or execute arbitrary code
on a vulnerable system.
II. Impact
The most severe impact of these vulnerabilities could allow a remote
attacker to execute arbitrary code with the privileges of the user
running the affected application. Other effects include a denial of
service or local information disclosure.
III. Solution
Upgrade
Upgrade to Mozilla Firefox 1.5.0.2, Mozilla Thunderbird 1.5.0.2, or
SeaMonkey 1.0.1. According to Mozilla.org, Thunderbird 1.5.0.2 is
to be released on April 18, 2006.
Users are strongly encourages to apply the workarounds described in
the individual vulnerability notes until updates can be applied.
Appendix A. References
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/projects/security/known-vulnerabilities.ht
ml>
* US-CERT Vulnerability Note VU#932734 -
<http://www.kb.cert.org/vuls/id/932734>
* US-CERT Vulnerability Note VU#968814 -
<http://www.kb.cert.org/vuls/id/968814>
* US-CERT Vulnerability Note VU#179014 -
<http://www.kb.cert.org/vuls/id/179014>
* US-CERT Vulnerability Note VU#488774 -
<http://www.kb.cert.org/vuls/id/488774>
* US-CERT Vulnerability Note VU#842094 -
<http://www.kb.cert.org/vuls/id/842094>
* US-CERT Vulnerability Note VU#813230 -
<http://www.kb.cert.org/vuls/id/813230>
* US-CERT Vulnerability Note VU#736934 -
<http://www.kb.cert.org/vuls/id/736934>
* US-CERT Vulnerability Note VU#935556 -
<http://www.kb.cert.org/vuls/id/935556>
* US-CERT Vulnerability Note VU#350262 -
<http://www.kb.cert.org/vuls/id/350262>
* US-CERT Vulnerability Note VU#252324 -
<http://www.kb.cert.org/vuls/id/252324>
* US-CERT Vulnerability Note VU#329500 -
<http://www.kb.cert.org/vuls/id/329500>
* US-CERT Vulnerability Notes Related to April Mozilla Security
Advisories -
<http://www.kb.cert.org/vuls/byid'searchview&query=mozilla_April_2
006>
* CVE-2006-1726 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1726>
* CVE-2006-1728 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728>
* CVE-2006-1730 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730>
* CVE-2006-1733 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733>
* CVE-2006-1734 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734>
* CVE-2006-1735 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735>
* CVE-2006-0749 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749>
* CVE-2006-1739 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739>
* CVE-2006-1724 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724>
* Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>
* Thunderbird - Reclaim your inbox -
<http://www.mozilla.com/thunderbird/>
* The SeaMonkey Project -
<http://www.mozilla.org/projects/seamonkey/>
* Mozilla Suite - The All-in-One Internet Application Suite -
<http://www.mozilla.org/products/mozilla1.x/>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/browser_secu
rity.html#Mozilla_Firefox>