This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 219684 - CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-20...
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: seamonkey (Show other bugs)
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Christopher Aillon
Ben Levenson
: Security
Depends On:
  Show dependency treegraph
Reported: 2006-12-14 14:18 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0759
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-19 17:31:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2006-12-14 14:18:31 EST
+++ This bug was initially created as a clone of Bug #219682 +++

The Mozilla project is releasing Firefox to fix several flaws:


    As part of the Firefox and update releases we fixed several 
    bugs to improve the stability of the product. Some of these were crashes 
    that showed evidence of memory corruption and we presume that at least some 
    of these could be exploited to run arbitrary code with enough effort.

    Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and 
    Vladimir Vukicevic reported crashes in the layout engine

    Igor Bukanov, Jesse Ruderman and moz_bug_r_a4 reported potential memory 
    corruption in the JavaScript engine


    Shutdown demonstrated that it was possible to use a JavaScript watch() to 
    gain elevated privilege. This could be used to compromise the user's 
    computer and install malware.


    Steven Michaud reported a crash in LiveConnect, the bridge code that allows 
    Java applets and web JavaScript to communicate. The crash is due to re-use 
    of an already-freed object and we presume this could be exploited with 
    enough effort.


    moz_bug_r_a4 reported that the src attribute of an IMG element loaded in a 
    frame could be changed to a javascript: URI that was able to bypass the 
    protections against cross-site script (XSS) injection. The injected script 
    could steal credentials and financial data, or perform destructive actions 
    on behalf of a logged-in user.


    An anonymous researcher for TippingPoint and the Zero Day Initiative reports 
    that attempting to append an SVG comment DOM node from one document into 
    another type of document results in memory corruption that can be exploited 
    to run arbitrary code.


    Georgi Guninski reported that long Content-Type headers in external message 
    bodies could cause a heap buffer overflow when processing mail headers. 
    While working on that code David Bienvenu discovered a similar overflow 
    could occur when processing long rfc2047-encoded headers.
Comment 1 Josh Bressers 2006-12-14 14:21:06 EST
These flaws also affect RHEL2.1 and RHEL3
Comment 4 Josh Bressers 2006-12-19 13:51:41 EST
Lifting embargo
Comment 5 Red Hat Bugzilla 2006-12-19 17:31:15 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.