SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#606260

Mozilla Layout Engine vulnerability

Overview

A vulnerability exists in the Mozilla Layout Engine that may allow a remote attacker to compromise a vulnerable system.

I. Description

The Mozilla Layout Engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear. According to Mozilla Foundation Security Advisory 2006-68:

    Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort.

II. Impact

The specific consequences of this vulnerability are not clear, but may include execution of arbitrary code and denial of service.

III. Solution

Apply an update

According to the Mozilla Foundation Security Update 2006-68, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.

Disable JavaScript

For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.

Systems Affected

VendorStatusDate NotifiedDate Updated
Fedora ProjectVulnerable18-Jan-2007
Gentoo LinuxVulnerable18-Jan-2007
Mandriva, Inc.Vulnerable18-Jan-2007
MozillaVulnerable20-Dec-2006
Red Hat, Inc.Vulnerable18-Jan-2007
rPathVulnerable18-Jan-2007
Slackware Linux Inc.Vulnerable18-Jan-2007
SUSE LinuxVulnerable18-Jan-2007
UbuntuVulnerable18-Jan-2007

References


http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
https://bugzilla.mozilla.org/show_bug.cgi?id=322345
https://bugzilla.mozilla.org/show_bug.cgi?id=335047
https://bugzilla.mozilla.org/show_bug.cgi?id=339494
https://bugzilla.mozilla.org/show_bug.cgi?id=348304
https://bugzilla.mozilla.org/show_bug.cgi?id=354766
https://bugzilla.mozilla.org/show_bug.cgi?id=359203
https://bugzilla.mozilla.org/show_bug.cgi?id=360293
https://bugzilla.mozilla.org/show_bug.cgi?id=360642
http://secunia.com/advisories/23420/
http://secunia.com/advisories/23591/
http://secunia.com/advisories/23598/
http://secunia.com/advisories/23439/
http://secunia.com/advisories/23514/
http://secunia.com/advisories/23545/
http://secunia.com/advisories/23601/
http://secunia.com/advisories/23614/
http://secunia.com/advisories/23618/
http://secunia.com/advisories/23692/
http://secunia.com/advisories/23988/
http://secunia.com/advisories/23420/
http://secunia.com/advisories/23591/
http://secunia.com/advisories/23598/
http://www.securityfocus.com/bid/21668

Credit

This vulnerability was reported in Mozilla Foundation Security Advisory 2006-68. Mozilla credits Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and Vladimir Vukicevic with providing information about this issue.

This document was written by Chris Taschner.

Other Information

Date Public:2006-12-19
Date First Published:2006-12-20
Date Last Updated:2007-02-07
CERT Advisory: 
CVE-ID(s):CVE-2006-6497
NVD-ID(s):CVE-2006-6497
US-CERT Technical Alerts: 
Metric:4.13
Document Revision:29

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader