Bug 188845

Summary: CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: firefoxAssignee: Christopher Aillon <caillon>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: medium    
Version: 5CC: djuran, security-response-team, wtogami
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: reported=20060412,source=mozilla,embargo=yes,impact=critical
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-04-27 12:54:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2006-04-13 03:37:32 UTC
Table Rebuilding Code Execution Vulnerability


TippingPoint  and  the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.

Workaround

Upgrade to fixed version.

Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.

References

[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478


This issue also affects FC4

Comment 1 Josh Bressers 2006-04-24 13:10:13 UTC
Lifting Embargo

Comment 2 Josh Bressers 2006-04-27 12:54:19 UTC
These issues have been resolved in FEDORA-2006-411 for FC5 and FEDORA-2006-410
for FC4