Bug 219684

Summary: CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: seamonkeyAssignee: Christopher Aillon <caillon>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: urgent Docs Contact:
Priority: medium    
Version: 4.0CC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=critical,source=mozilla,reported=20061212,public=20061219
Fixed In Version: RHSA-2006-0759 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-12-19 22:31:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2006-12-14 19:18:31 UTC 
+++ This bug was initially created as a clone of Bug #219682 +++

The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:

mfsa2006-68
impact=critical,source=mozilla,reported=20061212,public=20061219

    As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several 
    bugs to improve the stability of the product. Some of these were crashes 
    that showed evidence of memory corruption and we presume that at least some 
    of these could be exploited to run arbitrary code with enough effort.

    CVE-2006-6497
    Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and 
    Vladimir Vukicevic reported crashes in the layout engine

    CVE-2006-6498
    Igor Bukanov, Jesse Ruderman and moz_bug_r_a4 reported potential memory 
    corruption in the JavaScript engine

mfsa2006-70
CVE-2006-6501
impact=critical,source=mozilla,reported=20061212,public=20061219

    Shutdown demonstrated that it was possible to use a JavaScript watch() to 
    gain elevated privilege. This could be used to compromise the user's 
    computer and install malware.

mfsa2006-71
CVE-2006-6502
impact=critical,source=mozilla,reported=20061212,public=20061219

    Steven Michaud reported a crash in LiveConnect, the bridge code that allows 
    Java applets and web JavaScript to communicate. The crash is due to re-use 
    of an already-freed object and we presume this could be exploited with 
    enough effort.

mfsa2006-72
CVE-2006-6503
impact=moderate,source=mozilla,reported=20061212,public=20061219

    moz_bug_r_a4 reported that the src attribute of an IMG element loaded in a 
    frame could be changed to a javascript: URI that was able to bypass the 
    protections against cross-site script (XSS) injection. The injected script 
    could steal credentials and financial data, or perform destructive actions 
    on behalf of a logged-in user.

mfsa2006-73
CVE-2006-6504
impact=critical,source=mozilla,reported=20061212,public=20061219

    An anonymous researcher for TippingPoint and the Zero Day Initiative reports 
    that attempting to append an SVG comment DOM node from one document into 
    another type of document results in memory corruption that can be exploited 
    to run arbitrary code.

mfsa2006-74
CVE-2006-6505
impact=critical,source=mozilla,reported=20061212,public=20061219

    Georgi Guninski reported that long Content-Type headers in external message 
    bodies could cause a heap buffer overflow when processing mail headers. 
    While working on that code David Bienvenu discovered a similar overflow 
    could occur when processing long rfc2047-encoded headers.
Comment 1 Josh Bressers 2006-12-14 19:21:06 UTC 
These flaws also affect RHEL2.1 and RHEL3
Comment 4 Josh Bressers 2006-12-19 18:51:41 UTC 
Lifting embargo
Comment 5 Red Hat Bugzilla 2006-12-19 22:31:15 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0759.html