<<< Date Index >>>     <<< Thread Index >>>

OpenServer 5.0.7 : Mozilla Multiple issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 : Mozilla Multiple issues
Advisory number:        SCOSA-2004.8
Issue date:             2004 July 20
Cross reference:        sr889065 fz528708 erg712531 CAN-2003-0594
______________________________________________________________________________


1. Problem Description

        Mozilla upgrade to version 1.6. fixes several security isuses.  

        Mozilla Browser Scope Cross-Domain Function or Variable Disclosure 

        Jesse Ruderman has reported a vulnerability in Mozilla where a 
        malicious site may detect whether functions or variables are defined 
        in another browser window. The issue is reported to exist due to a 
        lack of sufficient access controls enforced on eval() calls. An 
        attacker may exploit this issue to potentially enumerate browsing 
        habits of an unsuspecting user. 

        Mozilla Browser Proxy Server Authentication Credential Disclosure 

        Darin Fisher has reported an information disclosure bug in Mozilla. 
        When the user attempts to connect to a malicious server subsequent to 
        successfully authenticating to the trusted server and if the malicious 
        proxy with a same realm as the trusted server sends the user a "407 
        Proxy authentication required" message, Mozilla will send the cached 
        authentication credentials from the previous exchange with the trusted 
        proxy to the malicious server. This is carried out regardless of the 
        different domain name or IP address of the malicious server. 

        Mozilla Custom Getter/Setter Objects Same Origin Policy Violation 

        Jesse Ruderman has reported a same origin policy violation vulnerability
        in Mozilla. It has been reported that custom getter/setter objects do 
        not possess a check for the Same Origin Policy.  This may allow the 
        object to be invoked to gain access to properties of another domain in 
        a frame or iframe. 

        Mozilla URI Sub-Directory Arbitrary Cookie Access Vulnerability

        Stephen P. Morse discovered a problem in the behavior of the cookie 
        handling in Mozilla. If similar path attributes exist in two separate 
        cookies, it may be possible for a site to gain unauthorized access to 
        cookies issued by another site in the same domain. The correct behavior
        is to restrict this type of access based both on domain and exact path 
        attribute information. 

        Mozilla Browser Cookie Path Restriction Bypass Vulnerability 

        Daniel Veditz has reported a vulnerability in Mozilla where a malicious
        site  may read  cookies  from unauthorized  paths  due  to a lack of 
        sufficient sanitization performed on cookie paths. A malicious cookie 
        path containing certain escape sequence will reportedly bypass cookie 
        path access controls. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2003-0594 to this issue.

        Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution 

        Brendan Eich has reported a vulnerability in Mozilla that may permit 
        remote attackers to execute arbitrary code. The issue is in the 
        JavaScript Script.prototype.freeze/thaw functionality. An attacker with
        knowledge of JavaScript bytecode and JavaScript engine internals, as 
        well as the native architecture of a client system may theoretically 
        cause arbitrary code to be executed.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7                Mozilla distribution

3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/507mp3_vol.tar

        4.2 Verification

        MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Read the Maintenance Pack 3 Release and Installation Notes at

        ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt


5. References

        Specific references for this advisory:
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594 
        
                http://www.securityfocus.com/bid/9322 
                http://www.securityfocus.com/bid/9323 
                http://www.securityfocus.com/bid/9325 
                http://www.securityfocus.com/bid/9326 
                http://www.securityfocus.com/bid/9328 
                http://www.securityfocus.com/bid/9330 

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr889065 fz528708
        erg712531.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        SCO would like to thank Jesse Ruderman, Darin Fisher, Stephen P. Morse,
        Daniel Veditz,  Brendan Eich, and the Mozilla team. 

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBACHcaqoBO7ipriERAtsFAJ9OYWMxcrqGEXbO3jE3ej1M2x9FVQCfS7FJ
Tj7sYxhkzoA2XkRI6cv0Nes=
=wLKz
-----END PGP SIGNATURE-----