Red Hat Bugzilla – Bug 219684
CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
Last modified: 2007-11-30 17:07:27 EST
+++ This bug was initially created as a clone of Bug #219682 +++
The Mozilla project is releasing Firefox 220.127.116.11 to fix several flaws:
As part of the Firefox 18.104.22.168 and 22.214.171.124 update releases we fixed several
bugs to improve the stability of the product. Some of these were crashes
that showed evidence of memory corruption and we presume that at least some
of these could be exploited to run arbitrary code with enough effort.
Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and
Vladimir Vukicevic reported crashes in the layout engine
Igor Bukanov, Jesse Ruderman and moz_bug_r_a4 reported potential memory
gain elevated privilege. This could be used to compromise the user's
computer and install malware.
Steven Michaud reported a crash in LiveConnect, the bridge code that allows
of an already-freed object and we presume this could be exploited with
moz_bug_r_a4 reported that the src attribute of an IMG element loaded in a
protections against cross-site script (XSS) injection. The injected script
could steal credentials and financial data, or perform destructive actions
on behalf of a logged-in user.
An anonymous researcher for TippingPoint and the Zero Day Initiative reports
that attempting to append an SVG comment DOM node from one document into
another type of document results in memory corruption that can be exploited
to run arbitrary code.
Georgi Guninski reported that long Content-Type headers in external message
bodies could cause a heap buffer overflow when processing mail headers.
While working on that code David Bienvenu discovered a similar overflow
could occur when processing long rfc2047-encoded headers.
These flaws also affect RHEL2.1 and RHEL3
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.