-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-107A Mozilla Products Contain Multiple Vulnerabilities Original release date: April 17, 2006 Last revised: -- Source: US-CERT Systems Affected * Mozilla web browser, email and newsgroup client * Mozilla SeaMonkey * Firefox web browser * Thunderbird email client * Mozilla Suite Any products based on Mozilla components, particularly Gecko may also be affected. Overview The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. I. Description Several vulnerabilities have been reported in the Mozilla web browser and derived products. More detailed information is available in the individual vulnerability notes, including: VU#932734 - Mozilla crypto.generateCRMFRequest() vulnerability A vulnerability exists in the Mozilla JavaScript routine generateCRMFRequest() that may allow a remote attacker to execute arbitrary code. (CVE-2006-1728) VU#968814 - Mozilla JavaScript security bypass vulnerability Mozilla products fail to properly enforce security restrictions in JavaScript. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. (CVE-2006-1726) VU#179014 - Mozilla CSS integer overflow vulnerability Mozilla products contain an integer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code. (CVE-2006-1730) VU#488774 - Mozilla XBL binding vulnerability Mozilla products fail to properly restrict access to privileged XBL bindings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. (CVE-2006-1733) VU#842094 - Mozilla JavaScript cloned parent vulnerability Mozilla products fail to properly restrict access to a JavaScript functions cloned parent. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-1734) VU#813230 - Mozilla products vulnerable to privilege escalation via XBL.method.eval A vulnerability in the way Mozilla products and derivative programs handle certain XBL methods could allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-1735) VU#736934 - Mozilla products vulnerable to memory corruption via a particular sequence of HTML tags A vulnerability in the way Mozilla products and derivative programs handle certain HTML tags could allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-0749) VU#935556 - Mozilla products may allow CSS border-rendering code to write past the end of an array A vulnerability in the way Mozilla products and derivative programs handle certain CSS methods could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. (CVE-2006-1739) VU#350262 - Mozilla DHTML memory corruption vulnerabilities Mozilla products contain to multiple, unspecified vulnerabilities in the way they handle DHTML. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. (CVE-2006-1724) VU#252324 - Mozilla display style vulnerability Mozilla products contain an unspecified vulnerability in the way they handle display styles. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. VU#329500 - Mozilla products vulnerable to memory corruption via large regular expression in JavaScript A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles a large regular expression could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. II. Impact The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include a denial of service or local information disclosure. III. Solution Upgrade Upgrade to Mozilla Firefox 1.5.0.2, Mozilla Thunderbird 1.5.0.2, or SeaMonkey 1.0.1. According to Mozilla.org, Thunderbird 1.5.0.2 is to be released on April 18, 2006. Users are strongly encourages to apply the workarounds described in the individual vulnerability notes until updates can be applied. Appendix A. References * Mozilla Foundation Security Advisories - <http://www.mozilla.org/security/announce/> * Mozilla Foundation Security Advisories - <http://www.mozilla.org/projects/security/known-vulnerabilities.ht ml> * US-CERT Vulnerability Note VU#932734 - <http://www.kb.cert.org/vuls/id/932734> * US-CERT Vulnerability Note VU#968814 - <http://www.kb.cert.org/vuls/id/968814> * US-CERT Vulnerability Note VU#179014 - <http://www.kb.cert.org/vuls/id/179014> * US-CERT Vulnerability Note VU#488774 - <http://www.kb.cert.org/vuls/id/488774> * US-CERT Vulnerability Note VU#842094 - <http://www.kb.cert.org/vuls/id/842094> * US-CERT Vulnerability Note VU#813230 - <http://www.kb.cert.org/vuls/id/813230> * US-CERT Vulnerability Note VU#736934 - <http://www.kb.cert.org/vuls/id/736934> * US-CERT Vulnerability Note VU#935556 - <http://www.kb.cert.org/vuls/id/935556> * US-CERT Vulnerability Note VU#350262 - <http://www.kb.cert.org/vuls/id/350262> * US-CERT Vulnerability Note VU#252324 - <http://www.kb.cert.org/vuls/id/252324> * US-CERT Vulnerability Note VU#329500 - <http://www.kb.cert.org/vuls/id/329500> * US-CERT Vulnerability Notes Related to April Mozilla Security Advisories - <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_April_2 006> * CVE-2006-1726 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1726> * CVE-2006-1728 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728> * CVE-2006-1730 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730> * CVE-2006-1733 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733> * CVE-2006-1734 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734> * CVE-2006-1735 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735> * CVE-2006-0749 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749> * CVE-2006-1739 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739> * CVE-2006-1724 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724> * Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/> * Thunderbird - Reclaim your inbox - <http://www.mozilla.com/thunderbird/> * The SeaMonkey Project - <http://www.mozilla.org/projects/seamonkey/> * Mozilla Suite - The All-in-One Internet Application Suite - <http://www.mozilla.org/products/mozilla1.x/> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/browser_secu rity.html#Mozilla_Firefox> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-107A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA06-107A Feedback VU#968814" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History Apr 17, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBREPpeH0pj593lg50AQI+OAf+LX6BsGayLqa86k2b32AUxeVYDiypaMEU qriPcS7dNs1d4DG642cdXQFZeqVwd0n4IDuvRdwQfYYriDSwtASIZ3AHIkk0V/rd +9pJqPhxJ21ykRDbH+2pIrLb2Ph4oN3RLZRfec/SxfgXqq5KF4Vf6ARkU1KNehnF uD05huAn885W8dlmGAnNk5G5xgf6Bzd74UeYJws3zBSNqdUG9LSg16O7y1kP6uUk wvXFkf1IMFjYhVuTMto763vEnmU3pBUoxnKpwgleD9NfCobYbn0h+Hq3QpS440u5 1xMXCu/98aB3Zqsv717uJ+glD4VJ9T8EIEa4pW1qm3180XBpsN2ZQQ== =2rzE -----END PGP SIGNATURE-----