__________________________________________________________
	
						   The U.S. Department of Energy
					   Computer Incident Advisory Capability
							   ___  __ __    _     ___
							  /       |     /_\   /
							  \___  __|__  /   \  \___
				 __________________________________________________________
	
								 INFORMATION BULLETIN
	
			   Multiple Security Vulnerabilities in Mozilla Layout Engine
								 [Sun Alert ID: 102885]
	
	April 20, 2007 14:00 GMT                                          Number R-215
	[REVISED 25 Apr 2007]
	______________________________________________________________________________
	PROBLEM:       Multiple security vulnerabilities in the Layout Engine in 
				   Mozilla 1.7 may allow a remote user who is able to create pages 
				   that are viewed with the Mozilla browser to crash the 
				   appication or execute arbitrary code with the privileges of the 
				   user running Mozilla. 
				   
	PLATFORM:      SPARC Platform 
					 Mozilla 1.7 (for Solaris 8 and 9) without patch 120671-05 
					 Mozilla 1.7 (for Solaris 10) 
				   
				   x86 Platform 
					 Mozilla 1.7 (for Solaris 8 and 9) without patch 120672-05 
					 Mozilla 1.7 (for Solaris 10) 
				   
				   Note: Mozilla 1.4 may be vulnerable to one or more of these 
				   security issues. Customers are advised to upgrade to Mozilla 1.7 
				   to get these security fixes. 
				   
	DAMAGE:        May allow a remote user to crash the application or execute 
				   arbitrary code with the privileges of the user running Mozilla. 
	SOLUTION:      Upgrade to the appropriate version. 
	______________________________________________________________________________
	VULNERABILITY  The risk is MEDIUM. May allow a remote user to crash the 
	ASSESSMENT:    application or execute arbitrary code with the privileges of 
				   the user running Mozilla. 
	______________________________________________________________________________
	LINKS: 
	 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-215.shtml 
	 ORIGINAL BULLETIN:  http://www.sunsolve.sun.com/search/document.do?assetkey=1
								   -26-102885-1 
	 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= 
						 CVE-2006-6497 
	______________________________________________________________________________
	REVISION HISTORY:
	04/25/2007 - revised R-215 to reflect changes Sun has made in Sun Alert ID: 102885
                 where they updated Contributing Factors and Resolution sections and 
				 changed State to Resolved.
				 
				 
				 
	[***** Start Sun Alert ID: 102885 *****]
	
	Sun(sm) Alert Notification
	Sun Alert ID: 102885
	Synopsis: Multiple Security Vulnerabilities in Mozilla Layout Engine for Solaris 
	              8, 9 and 10
	Category: Security
	Product: Mozilla v1.7, Solaris 9 Operating System, Solaris 10 Operating System, 
	              Solaris 8 Operating System
	BugIDs: 6508395
	Avoidance: Patch
	State: Resolved
	Date Released: 18-Apr-2007, 23-Apr-2007
	Date Closed: 23-Apr-2007
	Date Modified: 23-Apr-2007
	
	1. Impact
	Multiple security vulnerabilities in the Layout Engine in Mozilla 1.7 may allow 
	a remote user who is able to create pages that are viewed with the Mozilla 
	browser to crash the application or execute arbitrary code with the privileges 
	of the user running Mozilla. The ability of a remote user to cause the Mozilla 
	application to crash is a type of Denial of Service (DoS).
	
	These issues are described in the following documents:
	
	http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
	
	CVE-2006-6497 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
	
	CERT VU# 606260 at http://www.kb.cert.org/vuls/id/606260
	
	2. Contributing Factors
	These issues can occur in the following releases:
	
	SPARC Platform
	
	Mozilla 1.7 (for Solaris 8 and 9) without patch 120671-05
	Mozilla 1.7 (for Solaris 10) without patch 119115-26
	x86 Platform
	
	Mozilla 1.7 (for Solaris 8 and 9) without patch 120672-05
	Mozilla 1.7 (for Solaris 10) without patch 119116-26
	Note: Mozilla 1.4 may be vulnerable to one or more of these security issues. 
	Customers are advised to upgrade to Mozilla 1.7 to obtain these security fixes.
	
	To determine the version of Mozilla on a Solaris system, the following command 
	can be run:
	
		% /usr/sfw/bin/mozilla -version
		Mozilla 1.7, (Sun Java Desktop System), build 2005031721
		
	3. Symptoms
	There are no predictable symptoms that would indicate the described issues have 
	been exploited.
	
	
	
	Solution Summary Top 
	
	4. Relief/Workaround
	There is no workaround for this issue. Please see the Resolution section below.
	
	
	
	5. Resolution
	These issues are addressed in the following releases:
	
	SPARC Platform
	
	Mozilla 1.7 (for Solaris 8 and 9) with patch 120671-05 or later
	Mozilla 1.7 (for Solaris 10) with patch 119115-26 or later
	x86 Platform
	
	Mozilla 1.7 (for Solaris 8 and 9) with patch 120672-05 or later
	Mozilla 1.7 (for Solaris 10) with patch 119116-26 or later
	
	
	Change History
	23-Apr-2007: 
	Updated Contributing Factors and Resolution sections
	State: Resolved
	
	This Sun Alert notification is being provided to you on an "AS IS" basis. This 
	Sun Alert notification may contain information provided by third parties. The 
	issues described in this Sun Alert notification may or may not impact your 
	system(s). Sun makes no representations, warranties, or guarantees as to the 
	information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, 
	INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
	PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING 
	THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY 
	DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT 
	OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert 
	notification contains Sun proprietary and confidential information. It is being 
	provided to you pursuant to the provisions of your agreement to purchase 
	services from Sun, or, if you do not have such an agreement, the Sun.com Terms 
	of Use. This Sun Alert notification may only be used for the purposes 
	contemplated by these agreements.
	
	
	Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 
	95054 U.S.A. All rights reserved.




	
	
	
	[***** End Sun Alert ID: 102885 *****]
	_______________________________________________________________________________
	
	CIAC wishes to acknowledge the contributions of Sun Microsystems for the 
	information contained in this bulletin.
	_______________________________________________________________________________
	
	
	CIAC, the Computer Incident Advisory Capability, is the computer
	security incident response team for the U.S. Department of Energy
	(DOE) and the emergency backup response team for the National
	Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
	National Laboratory in Livermore, California. CIAC is also a founding
	member of FIRST, the Forum of Incident Response and Security Teams, a
	global organization established to foster cooperation and coordination
	among computer security teams worldwide.
	
	CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
	can be contacted at:
		Voice:    +1 925-422-8193 (7x24)
		FAX:      +1 925-423-8002
		STU-III:  +1 925-423-2604
		E-mail:   ciac@ciac.org
	
	Previous CIAC notices, anti-virus software, and other information are
	available from the CIAC Computer Security Archive.
	
	   World Wide Web:      http://www.ciac.org/
	   Anonymous FTP:       ftp.ciac.org
	
	PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
	communities receive CIAC bulletins.  If you are not part of these
	communities, please contact your agency's response team to report
	incidents. Your agency's team will coordinate with CIAC. The Forum of
	Incident Response and Security Teams (FIRST) is a world-wide
	organization. A list of FIRST member organizations and their
	constituencies can be obtained via WWW at http://www.first.org/.
	
	This document was prepared as an account of work sponsored by an
	agency of the United States Government. Neither the United States
	Government nor the University of California nor any of their
	employees, makes any warranty, express or implied, or assumes any
	legal liability or responsibility for the accuracy, completeness, or
	usefulness of any information, apparatus, product, or process
	disclosed, or represents that its use would not infringe privately
	owned rights. Reference herein to any specific commercial products,
	process, or service by trade name, trademark, manufacturer, or
	otherwise, does not necessarily constitute or imply its endorsement,
	recommendation or favoring by the United States Government or the
	University of California. The views and opinions of authors expressed
	herein do not necessarily state or reflect those of the United States
	Government or the University of California, and shall not be used for
	advertising or product endorsement purposes.
	
	LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
	
	R-205: Mercury Quality Center ActiveX
	R-206: Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points
	R-207: Multiple Vulnerabilities in the Cisco Wireless Control System
	R-208: Internet Pictures Corporation iPIX Image Well ActiveX 
	R-209: HP-UX ICMP Vulnerable to DoS via ICMP Path
	R-210: mandb
	R-211: XMMS
	R-212: Vulnerability in RPC on Windows DNS Server 
	R-213: Oracle Critical Patch Update - April 2007
	R-214: PHP Security Update