[Full-Disclosure] OpenServer 5.0.7 : Mozilla Multiple issues
To: email@example.com, firstname.lastname@example.org, email@example.com Date: Thu, 22 Jul 2004 14:34:44 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
SCO Security Advisory
Subject: OpenServer 5.0.7 : Mozilla Multiple issues
Advisory number: SCOSA-2004.8
Issue date: 2004 July 20
Cross reference: sr889065 fz528708 erg712531 CAN-2003-0594
1. Problem Description
Mozilla upgrade to version 1.6. fixes several security isuses.
Mozilla Browser Scope Cross-Domain Function or Variable Disclosure
Jesse Ruderman has reported a vulnerability in Mozilla where a
malicious site may detect whether functions or variables are defined
in another browser window. The issue is reported to exist due to a
lack of sufficient access controls enforced on eval() calls. An
attacker may exploit this issue to potentially enumerate browsing
habits of an unsuspecting user.
Mozilla Browser Proxy Server Authentication Credential Disclosure
Darin Fisher has reported an information disclosure bug in Mozilla.
When the user attempts to connect to a malicious server subsequent to
successfully authenticating to the trusted server and if the malicious
proxy with a same realm as the trusted server sends the user a "407
Proxy authentication required" message, Mozilla will send the cached
authentication credentials from the previous exchange with the trusted
proxy to the malicious server. This is carried out regardless of the
different domain name or IP address of the malicious server.
Mozilla Custom Getter/Setter Objects Same Origin Policy Violation
Jesse Ruderman has reported a same origin policy violation vulnerability
in Mozilla. It has been reported that custom getter/setter objects do
not possess a check for the Same Origin Policy. This may allow the
object to be invoked to gain access to properties of another domain in
a frame or iframe.
Mozilla URI Sub-Directory Arbitrary Cookie Access Vulnerability
Stephen P. Morse discovered a problem in the behavior of the cookie
handling in Mozilla. If similar path attributes exist in two separate
cookies, it may be possible for a site to gain unauthorized access to
cookies issued by another site in the same domain. The correct behavior
is to restrict this type of access based both on domain and exact path
Mozilla Browser Cookie Path Restriction Bypass Vulnerability
Daniel Veditz has reported a vulnerability in Mozilla where a malicious
site may read cookies from unauthorized paths due to a lack of
sufficient sanitization performed on cookie paths. A malicious cookie
path containing certain escape sequence will reportedly bypass cookie
path access controls.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0594 to this issue.
Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution
Brendan Eich has reported a vulnerability in Mozilla that may permit
remote attackers to execute arbitrary code. The issue is in the
well as the native architecture of a client system may theoretically
cause arbitrary code to be executed.
2. Vulnerable Supported Versions
OpenServer 5.0.7 Mozilla distribution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Location of Fixed Binaries
MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec
md5 is available for download from
4.3 Installing Fixed Binaries
Read the Maintenance Pack 3 Release and Installation Notes at
Specific references for this advisory:
SCO security resources:
SCO security advisories via email
This security fix closes SCO incidents sr889065 fz528708
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
SCO would like to thank Jesse Ruderman, Darin Fisher, Stephen P. Morse,
Daniel Veditz, Brendan Eich, and the Mozilla team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.