Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1016587
SecurityTracker URL: http://securitytracker.com/id/1016587
CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
Date: Jul 27 2006
Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.0.2 and prior versions
A vulnerability was reported in Mozilla Seamonkey. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can execute arbitrary scripting code in the context of an arbitrary domain.
A remote user can create a specially crafted HTML that, when loaded by the target user, will cause the target user's browser to crash or execute arbitrary code. The code will run with the privileges of the target user.
A flaw in the processing of simultaneous XPCOM events may cause a deleted timer object to be used, causing the browser to crash or execute arbitrary code [MFSA 2006-46; CVE-2006-3113]. Secunia Research discovered this vulnerability.
A web page that uses Java can reference the window.navigator object and then change that object before Java is started, allowing native code to be executed [MFSA 2006-45; CVE-2006-3677]. TippingPoint reported this vulnerability.
A web page can hijack native DOM methods on a target document object in a different domain to cause arbitrary scripting code to run in the target domain [MFSA 2006-47; CVE-2006-3802]. Thor Larholm discovered this vulnerability.
A VCard attachment with a specially crafted base64 field (such as a photo) can trigger a heap buffer overwrite [MFSA 2006-49; CVE-2006-3804]. Mozilla developer Daniel Veditz discovered this vulnerability.
Some garbage collection functions may delete temporary objects that are still in use, which may allow a remote user to execute arbitrary code [MFSA 2006-50; CVE-2006-3805]. Mozilla developers Igor Bukanov and shutdown discovered this vulnerability.
Some integer overflows can be triggered by long strings in the toSource() methods of the Object, Array, and String objects and string function arguments [MFSA 2006-50; CVE-2006-3806]. Mozilla developer Georgi Guninski discovered this vulnerability.
A Proxy AutoConfig (PAC) server can send a specially crafted PAC script that sets the required FindProxyForURL function to the eval method on a privileged object that has leaked into the PAC sandbox to execute code with elevated privileges [MFSA 2006-52; CVE-2006-3808]. moz_bug_r_a4 discovered this vulnerability.
A script that has been granted the UniversalBrowserRead privilege can gain UniversalXPConnect privileges [MFSA 2006-53; CVE-2006-3809]. Mozilla developer shutdown reported this vulnerability.
A remote user can invoke XPCNativeWrapper(window).Function(...) to create a function that can execute in a target window, permitting cross-site scripting attacks [MFSA 2006-54; CVE-2006-3810]. Mozilla developer shutdown reported this vulnerability.
A remote user can trigger any of several memory corruption errors, causing the target user's browser to crash or potentially execute arbitrary code [MFSA 2006-55; CVE-2006-3811]. Mozilla developers Boris Zbarsky, Darin Fisher, Daniel Veditz, Jesse Ruderman, and Martijn Wargers discovered these vulnerabilities.
A chrome URL can be made to reference remote files, which can run scripts with full privileges [MFSA 2006-56; CVE-2006-3812]. Benjamin Smedberg discovered this vulnerability.
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can execute arbitrary scripting code in the context of an arbitrary domain.
The vendor has issued a fixed version (1.0.3).
The Mozilla advisories are available at:
Vendor URL: www.mozilla.org/projects/seamonkey/
Access control error, Boundary error, State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)