219682 – CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)

Bug 219682 - CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)

Summary: CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	firefox
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	urgent
Target Milestone:	---
Target Release:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=critical,source=mozilla,report...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-12-14 19:11 UTC by Josh Bressers
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:	RHSA-2006-0758
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-12-19 22:40:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2006:0758	0	normal	SHIPPED_LIVE	Critical: firefox security update	2006-12-19 22:40:38 UTC

Description Josh Bressers 2006-12-14 19:11:18 UTC

The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:

mfsa2006-68
impact=critical,source=mozilla,reported=20061212,public=20061219

    As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several 
    bugs to improve the stability of the product. Some of these were crashes 
    that showed evidence of memory corruption and we presume that at least some 
    of these could be exploited to run arbitrary code with enough effort.

    CVE-2006-6497
    Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and 
    Vladimir Vukicevic reported crashes in the layout engine

    CVE-2006-6498
    Igor Bukanov, Jesse Ruderman and moz_bug_r_a4 reported potential memory 
    corruption in the JavaScript engine

mfsa2006-70
CVE-2006-6501
impact=critical,source=mozilla,reported=20061212,public=20061219

    Shutdown demonstrated that it was possible to use a JavaScript watch() to 
    gain elevated privilege. This could be used to compromise the user's 
    computer and install malware.

mfsa2006-71
CVE-2006-6502
impact=critical,source=mozilla,reported=20061212,public=20061219

    Steven Michaud reported a crash in LiveConnect, the bridge code that allows 
    Java applets and web JavaScript to communicate. The crash is due to re-use 
    of an already-freed object and we presume this could be exploited with 
    enough effort.

mfsa2006-72
CVE-2006-6503
impact=moderate,source=mozilla,reported=20061212,public=20061219

    moz_bug_r_a4 reported that the src attribute of an IMG element loaded in a 
    frame could be changed to a javascript: URI that was able to bypass the 
    protections against cross-site script (XSS) injection. The injected script 
    could steal credentials and financial data, or perform destructive actions 
    on behalf of a logged-in user.

mfsa2006-73
CVE-2006-6504
impact=critical,source=mozilla,reported=20061212,public=20061219

    An anonymous researcher for TippingPoint and the Zero Day Initiative reports 
    that attempting to append an SVG comment DOM node from one document into 
    another type of document results in memory corruption that can be exploited 
    to run arbitrary code.

Comment 3 Josh Bressers 2006-12-19 18:52:06 UTC

Lifting embargo

Comment 4 Red Hat Bugzilla 2006-12-19 22:40:43 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0758.html

Note You need to log in before you can comment on or make changes to this bug.