TITLE:
Sun Solaris Multiple Mozilla Vulnerabilities

SECUNIA ADVISORY ID:
SA17235

VERIFY ADVISORY:
http://secunia.com/advisories/17235/

CRITICAL:
Highly critical

IMPACT:
Spoofing, System access

WHERE:
From remote

OPERATING SYSTEM:
Sun Solaris 10
http://secunia.com/product/4813/
Sun Solaris 8
http://secunia.com/product/94/
Sun Solaris 9
http://secunia.com/product/95/

SOFTWARE:
Sun Java Desktop System (JDS) Release 2
http://secunia.com/product/5797/

DESCRIPTION:
Sun Microsystems has acknowledged some vulnerabilities in Solaris,
which can be exploited by malicious people to spoof the contents of
web sites or to compromise a user's system.

For more information:
SA15601
SA16917

The vulnerabilities affect Mozilla 1.4 (downloaded from the Sun
Download Center) and Mozilla 1.7 in the following products:
* Solaris 8 (SPARC and x86)
* Solaris 9 (SPARC and x86)
* Solaris 10 (SPARC and x86)
* Sun Java Desktop System (JDS) Release 2 (Linux)

Two errors have also been fixed that may allow a malicious website to
crash the Mozilla browser when the user drags an image across multiple
windows, or by providing a table with large rowspans or colspans.

SOLUTION:
Apply patches.

-- SPARC Platform --

Solaris 10:
Apply patch 119115-10 or later.

-- x86 Platform --

Solaris 10:
Apply patch 119116-10 or later.

A final resolution for other Solaris versions is reportedly pending
completion. The vendor recommends that the "image display" option
should be turned off.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1

OTHER REFERENCES:
SA15601:
http://secunia.com/advisories/15601/

SA16917:
http://secunia.com/advisories/16917/
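One way to check a Solaris 10 host against the "119115-10 or later" / "119116-10 or later" requirement in the SOLUTION section, as an added example that is not part of the Secunia or Sun advisory. It parses `showrev -p` output and compares the patch revision numerically; the function names and the sample input are constructed for illustration. It assumes a POSIX shell and a POSIX awk (on Solaris set AWK=nawk), and `uname -p` reporting `sparc` or `i386`.

```shell
#!/bin/sh
# Added example: is the Mozilla fix from SA17235 installed on Solaris 10?
AWK=${AWK:-awk}   # on Solaris use AWK=nawk; the legacy /usr/bin/awk lacks -v

# Constructed sample of `showrev -p` output (patch 100001 and the package
# names are placeholders; 119115-09 is one revision below the fixed one).
SAMPLE_SHOWREV='Patch: 100001-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg1
Patch: 119115-09 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg2'

# Minimum fixed patch per platform, taken from the advisory (Solaris 10 only;
# fixes for Solaris 8 and 9 were still pending when it was published).
required_patch() {
    case "$1" in
        sparc) echo "119115 10" ;;
        i386)  echo "119116 10" ;;
        *)     return 1 ;;
    esac
}

# patch_at_least BASE MINREV: reads `showrev -p` output on stdin and returns 0
# if patch BASE is present at revision MINREV or later ("09" compares as 9).
patch_at_least() {
    "$AWK" -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 >= min + 0) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# mozilla_patch_status ARCH: reads `showrev -p` output on stdin and prints
# patched, missing or unknown-platform (exit status 0, 1 or 2).
mozilla_patch_status() {
    req=$(required_patch "$1") || { echo "unknown-platform"; return 2; }
    set -- $req
    if patch_at_least "$1" "$2"; then
        echo "patched"
    else
        echo "missing"
        return 1
    fi
}

# Live check, run only where showrev exists (i.e. on a Solaris host).
if command -v showrev >/dev/null 2>&1; then
    showrev -p | mozilla_patch_status "$(uname -p)"
fi
```

A result of `missing` on a Solaris 8 or 9 host is expected, since the advisory lists no patch for those releases.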