Mozilla Multiple Product Window Navigator Object Arbitrary Code Execution

2006-07-25T05:04:14
ID OSVDB:27559
Type osvdb
Reporter OSVDB
Modified 2006-07-25T05:04:14

Description

Solution Description

Upgrade Firefox to version 1.5.0.5 or Seamonkey to version 1.0.3, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www.caminobrowser.org/releases/1.0.2.php Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1016586 Security Tracker: 1016587 Secunia Advisory ID:21361 Secunia Advisory ID:22066 Secunia Advisory ID:22210 Secunia Advisory ID:21228 Secunia Advisory ID:21532 Secunia Advisory ID:22065 Secunia Advisory ID:21343 Secunia Advisory ID:21262 Secunia Advisory ID:19873 Secunia Advisory ID:21229 Secunia Advisory ID:21216 Secunia Advisory ID:21246 Secunia Advisory ID:21243 Secunia Advisory ID:21269 Secunia Advisory ID:21270 Secunia Advisory ID:21336 Secunia Advisory ID:21529 Secunia Advisory ID:21631 Related OSVDB ID: 27558 Related OSVDB ID: 27560 Related OSVDB ID: 27564 Related OSVDB ID: 27565 Related OSVDB ID: 27567 Related OSVDB ID: 27566 Related OSVDB ID: 27568 Related OSVDB ID: 27572 Related OSVDB ID: 27561 Related OSVDB ID: 27562 Related OSVDB ID: 27569 RedHat RHSA: RHSA-2006:0608 RedHat RHSA: RHSA-2006:0609 RedHat RHSA: RHSA-2006:0611 RedHat RHSA: RHSA-2006:0610 RedHat RHSA: RHSA-2006:0594 Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-06-025.html Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html News Article: http://news.com.com/Firefox+update+plugs+critical+holes/2100-1002_3-6099254.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0696.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0492.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0682.html Keyword: MoBB #28 Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_028.html Generic Exploit URL: http://www.securiteam.com/exploits/5LP090KJFW.html FrSIRT Advisory: ADV-2006-2998 CVE-2006-3677 CERT VU: 670060 Bugtraq ID: 19181 Bugtraq ID: 19192