Date: 18 April 2006
References: ESB-2006.0267 ESB-2006.0281 ESB-2006.0285 ESB-2006.0297 ESB-2006.0303 ESB-2006.0318 ESB-2006.0617 ESB-2006.0682 ESB-2006.0687 ESB-2007.0004
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2006.0027 -- AUSCERT ALERT
[Win][UNIX/Linux]
Mozilla Products Contain Multiple Vulnerabilities
18 April 2006
===========================================================================
AusCERT Alert Summary
---------------------
Product: Mozilla browser, email and newsgroup client
Mozilla SeaMonkey prior to version 1.0.1
Firefox prior to version 1.5.0.2
Thunderbird prior to version 1.5.0.2
Mozilla Suite
Publisher: US-CERT
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-1739 CVE-2006-1735 CVE-2006-1734
CVE-2006-1733 CVE-2006-1730 CVE-2006-1728
CVE-2006-1726 CVE-2006-1724 CVE-2006-0749
Original Bulletin:
http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_April_2006
http://www.mozilla.org/security/announce/
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-107A
Mozilla Products Contain Multiple Vulnerabilities
Original release date: April 17, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Mozilla web browser, email and newsgroup client
* Mozilla SeaMonkey
* Firefox web browser
* Thunderbird email client
* Mozilla Suite
Any products based on Mozilla components, particularly Gecko may also
be affected.
Overview
The Mozilla web browser and derived products contain several
vulnerabilities, the most serious of which could allow a remote
attacker to execute arbitrary code on an affected system.
I. Description
Several vulnerabilities have been reported in the Mozilla web browser
and derived products. More detailed information is available in the
individual vulnerability notes, including:
VU#932734 - Mozilla crypto.generateCRMFRequest() vulnerability
A vulnerability exists in the Mozilla JavaScript routine
generateCRMFRequest() that may allow a remote attacker to execute
arbitrary code.
(CVE-2006-1728)
VU#968814 - Mozilla JavaScript security bypass vulnerability
Mozilla products fail to properly enforce security restrictions in
JavaScript. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code.
(CVE-2006-1726)
VU#179014 - Mozilla CSS integer overflow vulnerability
Mozilla products contain an integer overflow that could allow a
remote, unauthenticated attacker to execute arbitrary code.
(CVE-2006-1730)
VU#488774 - Mozilla XBL binding vulnerability
Mozilla products fail to properly restrict access to privileged XBL
bindings. This vulnerability may allow a remote, unauthenticated
attacker to execute arbitrary code.
(CVE-2006-1733)
VU#842094 - Mozilla JavaScript cloned parent vulnerability
Mozilla products fail to properly restrict access to a JavaScript
functions cloned parent. This vulnerability may allow a remote
attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-1734)
VU#813230 - Mozilla products vulnerable to privilege escalation via
XBL.method.eval
A vulnerability in the way Mozilla products and derivative programs
handle certain XBL methods could allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-1735)
VU#736934 - Mozilla products vulnerable to memory corruption via a
particular sequence of HTML tags
A vulnerability in the way Mozilla products and derivative programs
handle certain HTML tags could allow a remote attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-0749)
VU#935556 - Mozilla products may allow CSS border-rendering code to
write past the end of an array
A vulnerability in the way Mozilla products and derivative programs
handle certain CSS methods could allow a remote attacker to crash the
application or execute arbitrary code on a vulnerable system.
(CVE-2006-1739)
VU#350262 - Mozilla DHTML memory corruption vulnerabilities
Mozilla products contain to multiple, unspecified vulnerabilities in
the way they handle DHTML. These vulnerabilities may allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
(CVE-2006-1724)
VU#252324 - Mozilla display style vulnerability
Mozilla products contain an unspecified vulnerability in the way they
handle display styles. This vulnerability may allow a remote attacker
to execute arbitrary code or cause a denial-of-service condition.
VU#329500 - Mozilla products vulnerable to memory corruption via large
regular expression in JavaScript
A vulnerability in the way the JavaScript engine of Mozilla products
and derivative programs handles a large regular expression could allow
a remote attacker to crash the application or execute arbitrary code
on a vulnerable system.
II. Impact
The most severe impact of these vulnerabilities could allow a remote
attacker to execute arbitrary code with the privileges of the user
running the affected application. Other effects include a denial of
service or local information disclosure.
III. Solution
Upgrade
Upgrade to Mozilla Firefox 1.5.0.2, Mozilla Thunderbird 1.5.0.2, or
SeaMonkey 1.0.1. According to Mozilla.org, Thunderbird 1.5.0.2 is
to be released on April 18, 2006.
Users are strongly encourages to apply the workarounds described in
the individual vulnerability notes until updates can be applied.
Appendix A. References
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/projects/security/known-vulnerabilities.ht
ml>
* US-CERT Vulnerability Note VU#932734 -
<http://www.kb.cert.org/vuls/id/932734>
* US-CERT Vulnerability Note VU#968814 -
<http://www.kb.cert.org/vuls/id/968814>
* US-CERT Vulnerability Note VU#179014 -
<http://www.kb.cert.org/vuls/id/179014>
* US-CERT Vulnerability Note VU#488774 -
<http://www.kb.cert.org/vuls/id/488774>
* US-CERT Vulnerability Note VU#842094 -
<http://www.kb.cert.org/vuls/id/842094>
* US-CERT Vulnerability Note VU#813230 -
<http://www.kb.cert.org/vuls/id/813230>
* US-CERT Vulnerability Note VU#736934 -
<http://www.kb.cert.org/vuls/id/736934>
* US-CERT Vulnerability Note VU#935556 -
<http://www.kb.cert.org/vuls/id/935556>
* US-CERT Vulnerability Note VU#350262 -
<http://www.kb.cert.org/vuls/id/350262>
* US-CERT Vulnerability Note VU#252324 -
<http://www.kb.cert.org/vuls/id/252324>
* US-CERT Vulnerability Note VU#329500 -
<http://www.kb.cert.org/vuls/id/329500>
* US-CERT Vulnerability Notes Related to April Mozilla Security
Advisories -
<http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_April_2
006>
* CVE-2006-1726 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1726>
* CVE-2006-1728 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728>
* CVE-2006-1730 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730>
* CVE-2006-1733 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733>
* CVE-2006-1734 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734>
* CVE-2006-1735 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735>
* CVE-2006-0749 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749>
* CVE-2006-1739 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739>
* CVE-2006-1724 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724>
* Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>
* Thunderbird - Reclaim your inbox -
<http://www.mozilla.com/thunderbird/>
* The SeaMonkey Project -
<http://www.mozilla.org/projects/seamonkey/>
* Mozilla Suite - The All-in-One Internet Application Suite -
<http://www.mozilla.org/products/mozilla1.x/>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/browser_secu
rity.html#Mozilla_Firefox>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-107A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-107A Feedback VU#968814" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Apr 17, 2006: Initial release
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBREPpeH0pj593lg50AQI+OAf+LX6BsGayLqa86k2b32AUxeVYDiypaMEU
qriPcS7dNs1d4DG642cdXQFZeqVwd0n4IDuvRdwQfYYriDSwtASIZ3AHIkk0V/rd
+9pJqPhxJ21ykRDbH+2pIrLb2Ph4oN3RLZRfec/SxfgXqq5KF4Vf6ARkU1KNehnF
uD05huAn885W8dlmGAnNk5G5xgf6Bzd74UeYJws3zBSNqdUG9LSg16O7y1kP6uUk
wvXFkf1IMFjYhVuTMto763vEnmU3pBUoxnKpwgleD9NfCobYbn0h+Hq3QpS440u5
1xMXCu/98aB3Zqsv717uJ+glD4VJ9T8EIEa4pW1qm3180XBpsN2ZQQ==
=2rzE
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBREQ4YCh9+71yA2DNAQK5jQP+JC3dMRt8Z9WjsZz61dUHK9eXAfXEnSl2
QbSGuEu4i42mNzqPyYeyiG1pOKUClbpIWBKhndvpxLsYlXbxZXAAGFoXN1GezdMo
J85yb0C/emAh1YJwRvMJLrjo/ziLrpJ3pcJ4rbjKsma+P66UYw69wsbkWYfX19Bw
j3GFwRm1DXk=
=xD3j
-----END PGP SIGNATURE-----
|