Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2006:1960


Id SUSE-2006:1960
Name Novell SUSE 2006:1960 MozillaFirefox security update for SLE 10 i586
Vendor Name novell
Product None
Content Type Critical - 01 Critical - 01
Operating System(s) Linux 
Released On 10 Aug 2006 12:00:00


Novell SUSE 2006:1960 MozillaFirefox security update for SLE 10 i586

Vendor Name




Released On

10 Aug 2006 12:00:00



This security update brings Mozilla Firefox to version More details can be found on: es.html It includes fixes to the following security problems: - CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference Thilo Girmann discovered that in certain circumstances a JavaScript reference to a frame or window was not properly cleared when the referenced content went away, and he demonstrated that this pointer to a deleted object could be used to execute native code supplied by the attacker. - CVE-2006-3677/MFSA 2006-45: Javascript navigator Object Vulnerability An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could be exploited to run native code supplied by the attacker. - CVE-2006-3113/MFSA 2006-46: Memory corruption with simultaneous events Secunia Research has discovered a vulnerability in Mozilla Firefox 1.5 branch, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an memory corruption error within the handling of simultaneously happening XPCOM events, which leads to use of a deleted timer object. This generally results in a crash but potentially could be exploited to execute arbitrary code on a user's system when a malicious website is visited. - CVE-2006-3802/MFSA 2006-47: Native DOM methods can be hijacked across domains A malicious page can hijack native DOM methods on a document object in another domain, which will run the attacker's script when called by the victim page. This could be used to steal login cookies, password, or other sensitive data on the target page, or to perform actions on behalf of a logged-in user. Access checks on all other properties and document nodes are performed correctly. This cross-site scripting (XSS) attack is limited to pages which use standard DOM methods of the top-level document object, such as document.getElementById(). This includes many popular sites, especially the newer ones that offer rich interaction to the user. - CVE-2006-3803/MFSA 2006-48: JavaScript new Function race condition H. D. Moore reported a testcase that was able to trigger a race condition where JavaScript garbage collection deleted a temporary variable still being used in the creation of a new Function object. The resulting use of a deleted object may be potentially exploitable to run native code provided by the attacker. - CVE-2006-3804/MFSA 2006-49: Heap buffer overwrite on malformed VCard A VCard attachment with a malformed base64 field (such as a photo) can trigger a heap buffer overwrite. These have proven exploitable in the past, though in this case the overwrite is accompanied by an integer underflow that would attempt to copy more data than the typical machine has, leading to a crash. - CVE-2006-3805/CVE-2006-3806/MFSA 2006-50: JavaScript engine vulnerabilities Continuing our security audit of the JavaScript engine, Mozilla developers found and fixed several potential vulnerabilities. Igor Bukanov and shutdown found additional places where an untimely garbage collection could delete a temporary object that was in active use (similar to MFSA 2006-01 and MFSA 2006-10

Related Resources

Related Vulnerabilities

CVE-2006-3801   CVE-2006-3677   CVE-2006-3113   CVE-2006-3802   CVE-2006-3803   CVE-2006-3804   CVE-2006-3805   CVE-2006-3806   CVE-2006-3807   CVE-2006-3808   CVE-2006-3809   CVE-2006-3810   CVE-2006-3811   CVE-2006-3812  

Related Patches

Superseded Patches

Last Updated: 07 Dec 2011 02:28:37