Sun Microsystems is working to fix multiple vulnerabilities in the Netscape browser for Solaris that an attacker could use to cause a denial of service or launch malicious code.
"Multiple security vulnerabilities have been discovered in the Portable Network Graphics (PNG) Library [libpng] which also affect Netscape 7 shipped with Solaris since Netscape 7 includes the affected libpng routines," the Santa Clara, Calif.-based company said in its advisory. "This may allow an unprivileged user to execute arbitrary code with the privileges of a local user."
Attackers can exploit the vulnerability by tricking a local user into visiting a malicious Web site or viewing a malicious e-mail with an affected application linked to libpng, Sun said.
The security holes affect Solaris 7, 8 and 9 with Netscape 7 running on the SPARC and x86 platforms. "There are no predictable symptoms that would indicate the described issue has been exploited," Sun said. "There is no workaround for this issue."
However, Sun said a final resolution to the problem is pending.
Danish security firm Secunia called the problem "highly critical" in its advisory and noted that the libpng issue was discovered in August. "The vulnerabilities are caused due to NULL pointer dereference errors and boundary errors within various functions when processing PNG files," Secunia said. "Some of these can be exploited to cause stack-based buffer overflows via specially crafted PNG files."
Sun had not returned a request for additional details at the time of writing.