SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Mozilla Seamonkey Vendors:   Mozilla.org
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016587
SecurityTracker URL:  http://securitytracker.com/id/1016587
CVE Reference:   CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812   (Links to External Site)
Date:  Jul 27 2006
Impact:   Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0.2 and prior versions
Description:   A vulnerability was reported in Mozilla Seamonkey. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can execute arbitrary scripting code in the context of an arbitrary domain.

A remote user can create a specially crafted HTML that, when loaded by the target user, will cause the target user's browser to crash or execute arbitrary code. The code will run with the privileges of the target user.

A flaw in the processing of simultaneously XPCOM events may cause a deleted timer object to be used, causing the browser to crash or execute arbitrary code [MFSA 2006-46; CVE-2006-3113]. Secunia Research discovered this vulnerability.

A web page containing Java can reference the window.navigator object but change the object before Java is started to execute native code [MFSA 2006-45; CVE-2006-3677]. TippingPoint reported this vulnerability.

The browser may not properly clear a JavaScript reference to a frame or window when the referenced content is deleted, allowing native code to be executed [MFSA 2006-44; CVE-2006-3801]. Thilo Girmann discovered this vulnerability.

A web page can hijack native DOM methods on a target document object in a different domain to cause arbitrary scripting code to run in the target domain [MFSA 2006-47; CVE-2006-3802]. Thor Larholm discovered this vulnerability.

A script can redefine the standard Object() constructor of a named Javascript function to return a reference to a privileged target object, allowing the script to execute with elevated privileges [MFSA 2006-51; CVE-2006-3807]. moz_bug_r_a4 discovered this vulnerability.

A race condition in Javascript garbage collection may cause a temporary variable to be deleted while still being used to create a new Function object [MFSA 2006-48; CVE-2006-3803]. This may allow a remote user to execute arbitrary code. H. D. Moore discovered this vulnerability.

A VCard attachment with a specially crafted base64 field (such as a photo) can trigger a heap buffer overwrite [MFSA 2006-49; CVE-2006-3804]. Mozilla developer Daniel Veditz discovered this vulnerability.

Some garbage collection functions may delete temporary objects that are still in use, which may allow a remote user to execute arbitrary code [MFSA 2006-50; CVE-2006-3805]. Mozilla developers Igor Bukanov and shutdown discovered this vulnerability.

Some integer overflows can be triggered by long strings in the toSource() methods of the Object, Array, and String objects and string function arguments [MFSA 2006-50; CVE-2006-3806]. Mozilla developer Georgi Guninski discovered this vulnerability.

A Proxy AutoConfig (PAC) server can send a specially crafted PAC script that sets the required FindProxyForURL function to the eval method on a privileged object that has leaked into the PAC sandbox to execute code with elevated privileges [MFSA 2006-52; CVE-2006-3808]. moz_bug_r_a4 discovered this vulnerability.

A script that has been granted the UniversalBrowserRead privilege can gain UniversalXPConnect privileges [MFSA 2006-53; CVE-2006-3809]. Mozilla developer shutdown reported this vulnerability.

A remote user can invoke XPCNativeWrapper(window).Function(...) to create a function that can execute in a target window, permitting cross-site scripting attacks [MFSA 2006-54; CVE-2006-3810]. Mozilla developer shutdown reported this vulnerability.

A remote user can trigger any of several memory corruption errors, causing the target user's browser to crash or potentially execute arbitrary code [MFSA 2006-55; CVE-2006-3811]. Mozilla developers Boris Zbarsky, Darin Fisher, Daniel Veditz, Jesse Ruderman, and Martijn Wargers discovered these vulnerabilities.

A chrome URL can be made to reference remote files, which can run scripts with full privileges [MFSA 2006-56; CVE-2006-3812]. Benjamin Smedberg discovered this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can execute arbitrary scripting code in the context of an arbitrary domain.

Solution:   The vendor has issued a fixed version (1.0.3).

The Mozilla advisories are available at:

http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
http://www.mozilla.org/security/announce/2006/mfsa2006-56.html

Vendor URL:  www.mozilla.org/projects/seamonkey/ (Links to External Site)
Cause:   Access control error, Boundary error, State error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 27 2006 (Red Hat Issues Fix) Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3.
Aug 2 2006 (Red Hat Issues Fix) Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 4.
Aug 28 2006 (Red Hat Issues Fix) Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Seamonkey on Red Hat Enterprise Linux 2.1.



 Source Message Contents

Date:  Thu, 27 Jul 2006 01:32:52 -0400
Subject:  Mozilla SeaMonkey vulnerabilities


CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812

MFSA 2006-56  chrome: scheme loading remote content CVE-2006-3812
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5) CVE-2006-3811
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...) CVE-2006-3810
MFSA 2006-53 UniversalBrowserRead privilege escalation CVE-2006-3809
MFSA 2006-52 PAC privilege escalation using Function.prototype.call CVE-2006-3808
MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()" CVE-2006-3807
MFSA 2006-50 JavaScript engine vulnerabilities CVE-2006-3805, CVE-2006-3806
MFSA 2006-48 JavaScript new Function race condition CVE-2006-3803
MFSA 2006-47 Native DOM methods can be hijacked across domains CVE-2006-3802
MFSA 2006-46 Memory corruption with simultaneous events CVE-2006-3113
MFSA 2006-45 Javascript navigator Object Vulnerability CVE-2006-3677
MFSA 2006-44 Code execution through deleted frame reference CVE-2006-3801
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC