|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#606260
Mozilla Layout Engine vulnerability
OverviewA vulnerability exists in the Mozilla Layout Engine that may allow a remote attacker to compromise a vulnerable system.
I. DescriptionThe Mozilla Layout Engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear. According to Mozilla Foundation Security Advisory 2006-68:
Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort.
II. ImpactThe specific consequences of this vulnerability are not clear, but may include execution of arbitrary code and denial of service.
III. SolutionApply an update
According to the Mozilla Foundation Security Update 2006-68, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.
Disable JavaScript
For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.
Systems Affected
References
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
https://bugzilla.mozilla.org/show_bug.cgi?id=322345
https://bugzilla.mozilla.org/show_bug.cgi?id=335047
https://bugzilla.mozilla.org/show_bug.cgi?id=339494
https://bugzilla.mozilla.org/show_bug.cgi?id=348304
https://bugzilla.mozilla.org/show_bug.cgi?id=354766
https://bugzilla.mozilla.org/show_bug.cgi?id=359203
https://bugzilla.mozilla.org/show_bug.cgi?id=360293
https://bugzilla.mozilla.org/show_bug.cgi?id=360642
http://secunia.com/advisories/23420/
http://secunia.com/advisories/23591/
http://secunia.com/advisories/23598/
http://secunia.com/advisories/23439/
http://secunia.com/advisories/23514/
http://secunia.com/advisories/23545/
http://secunia.com/advisories/23601/
http://secunia.com/advisories/23614/
http://secunia.com/advisories/23618/
http://secunia.com/advisories/23692/
http://secunia.com/advisories/23988/
http://secunia.com/advisories/23420/
http://secunia.com/advisories/23591/
http://secunia.com/advisories/23598/
http://www.securityfocus.com/bid/21668
Credit
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-68. Mozilla credits Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and Vladimir Vukicevic with providing information about this issue.
This document was written by Chris Taschner.
Other Information
| Date Public: | 2006-12-19 |
| Date First Published: | 2006-12-20 |
| Date Last Updated: | 2007-02-07 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-6497 |
| NVD-ID(s): | CVE-2006-6497 |
| US-CERT Technical Alerts: | |
| Metric: | 4.13 |
| Document Revision: | 29 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|