Library flaws affect Solaris with Netscape

Bill Brenner

Sun Microsystems is working to fix multiple vulnerabilities affecting the Netscape browser for Solaris, which an attacker could use to cause a denial of service or launch malicious code.

"Multiple security vulnerabilities have been discovered in the Portable Network Graphics (PNG) Library [libpng] which also affect Netscape 7 shipped with Solaris since Netscape 7 includes the affected libpng routines," the Santa Clara, Calif.-based company said in its

    Requires Free Membership to View

advisory. "This may allow an unprivileged user to execute arbitrary code with the privileges of a local user."

Attackers can exploit the vulnerability by tricking a local user into visiting a malicious Web site or viewing a malicious e-mail with an affected application linked to libpng, Sun said.

The security holes affect Solaris 7, 8 and 9 with Netscape 7 running on the SPARC and x86 platforms. "There are no predictable symptoms that would indicate the described issue has been exploited," Sun said. "There is no workaround for this issue."

However, Sun said a final resolution to the problem is pending.

Danish security firm Secunia called the problem "highly critical" in its advisory and noted that the libpng issue was discovered in August. "The vulnerabilities are caused due to NULL pointer dereference errors and boundary errors within various functions when processing PNG files," Secunia said. "Some of these can be exploited to cause stack-based buffer overflows via specially crafted PNG files."

Sun had not returned a request for additional details at the time of writing.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: