Mozilla remote code execution

Multiple vulnerabilities have been found in Mozilla Firefox, Mozilla Thunderbird and Seamonkey which could lead to execution of arbitrary code.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package:              MozillaFirefox,MozillaThunderbird,Seamonkey
Announcement ID:      SUSE-SA:2006:035
Date:                 Fri, 23 Jun 2006 10:00:00 +0000
Affected Products:    SUSE LINUX 10.1
Vulnerability Type:   remote code execution
Severity (1-10):      8
SUSE Default Package: yes
Cross-References:     CVE-2006-1729, CVE-2006-1942, CVE-2006-2775
                      CVE-2006-2776, CVE-2006-2777, CVE-2006-2778
                      CVE-2006-2779, CVE-2006-2780, CVE-2006-2781
                      CVE-2006-2782, CVE-2006-2783, CVE-2006-2784
                      CVE-2006-2785, CVE-2006-2786, CVE-2006-2787
                      MFSA 2006-31, MFSA 2006-32, MFSA 2006-33
                      MFSA 2006-34, MFSA 2006-35, MFSA 2006-36
                      MFSA 2006-37, MFSA 2006-38, MFSA 2006-39
                      MFSA 2006-40, MFSA 2006-42, MFSA 2006-43

Content of This Advisory:
    1) Security Vulnerability Resolved:
           various fixes in Mozilla Firefox, Thunderbird and Seamonkey suite
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
       See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

This update fixes several security problems in the Mozilla Firefox
1.5 browser, Thunderbird 1.5 mail reader and Seamonkey Suite.

It also brings Mozilla Firefox and Thunderbird up to version 1.5.0.4
bugfix level and the Seamonkey Suite to version 1.0.2.
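
An added example, not part of the SUSE advisory: a POSIX shell check that flags packages below the fixed levels stated above (1.5.0.4 for Firefox and Thunderbird, 1.0.2 for Seamonkey). The package names are taken as written in the advisory header, the inventory records are constructed, and the comparison is a plain numeric dotted-version compare rather than rpm's own version algorithm.

```sh
# Added example. Input records are "NAME VERSION", e.g. as produced by
#   rpm -q --qf '%{NAME} %{VERSION}\n' <package>

# Fixed version per package, from the advisory text; prints nothing if not covered.
fixed_version() {
  case "$1" in
    MozillaFirefox|MozillaThunderbird) echo "1.5.0.4" ;;
    Seamonkey)                         echo "1.0.2" ;;
  esac
}

# Accept only digits separated by single dots (rejects "1.0.2b", "1..2", "").
is_dotted() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  return 0
}

# ver_lt A B: succeeds if A < B. Missing components count as 0 (1.5 == 1.5.0.0).
ver_lt() {
  _a=$1; _b=$2
  while [ -n "$_a" ] || [ -n "$_b" ]; do
    _x=${_a%%.*}; _y=${_b%%.*}
    case "$_a" in *.*) _a=${_a#*.} ;; *) _a= ;; esac
    case "$_b" in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    _x=${_x:-0}; _y=${_y:-0}
    if [ "$_x" -lt "$_y" ]; then return 0; fi
    if [ "$_x" -gt "$_y" ]; then return 1; fi
  done
  return 1
}

# Prints one of: needs-update, ok, unknown (unparseable version), not-covered.
check_pkg() {
  _fixed=$(fixed_version "$1")
  if [ -z "$_fixed" ]; then echo "not-covered"; return 0; fi
  if ! is_dotted "$2"; then echo "unknown"; return 0; fi
  if ver_lt "$2" "$_fixed"; then echo "needs-update"; else echo "ok"; fi
}

# Reads "NAME VERSION" records on stdin, prints "NAME VERSION STATUS".
scan_inventory() {
  while read -r _name _version; do
    if [ -n "$_name" ]; then
      echo "$_name $_version $(check_pkg "$_name" "$_version")"
    fi
  done
}

# Constructed sample records (not real host data).
printf '%s\n' "MozillaFirefox 1.5.0.3" "MozillaThunderbird 1.5.0.4" \
  "Seamonkey 1.0.1" "MozillaFirefox 1.5" "Seamonkey 1.0.2b" | scan_inventory
```

Records reported as `unknown` carry a version string the simple comparator cannot parse and should be checked by hand.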


Only updates for SUSE Linux 10.1 are currently available. We are
working on backports for the older products, since the Mozilla
Foundation has not released updates for those old products.

The full list with even more details is at:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

MFSA 2006-31/CVE-2006-2787: EvalInSandbox allows remote attackers
to gain privileges via JavaScript that calls the valueOf method on
objects that were created outside of the sandbox.

MFSA 2006-32/CVE-2006-2780: An integer overflow allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via "jsstr tagify," which leads to memory corruption.

MFSA 2006-32/CVE-2006-2779: Firefox allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via (1)
nested
