188845 – CVE-2006-0748 Table Rebuilding Code Execution Vulnerability

Bug 188845 - CVE-2006-0748 Table Rebuilding Code Execution Vulnerability

Summary: CVE-2006-0748 Table Rebuilding Code Execution Vulnerability

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	urgent
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:	reported=20060412,source=mozilla,emba...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-04-13 03:37 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-04-27 12:54:19 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-04-13 03:37:32 UTC

Table Rebuilding Code Execution Vulnerability


TippingPoint  and  the Zero Day Initiative reports that an invalid and
non-sensical ordering of table-related tags causes Mozilla to use a negative
array index. This invalid memory use can be exploited to run code of the
attacker's choice.

Workaround

Upgrade to fixed version.

Although JavaScript is not involved in the vulnerability itself, disabling
JavaScript may prevent an attacker from effectively preparing memory in
order to carry out the exploit.

References

[1]ZDI-06-010
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=328937
CVE-2006-0478


This issue also affects FC4

Comment 1 Josh Bressers 2006-04-24 13:10:13 UTC

Lifting Embargo

Comment 2 Josh Bressers 2006-04-27 12:54:19 UTC

These issues have been resolved in FEDORA-2006-411 for FC5 and FEDORA-2006-410
for FC4

Note You need to log in before you can comment on or make changes to this bug.