-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 : Mozilla Multiple issues
Advisory number:        SCOSA-2004.8
Issue date:             2004 July 20
Cross reference:        sr889065 fz528708 erg712531 CAN-2003-0594
______________________________________________________________________________


1. Problem Description

        The Mozilla upgrade to version 1.6 fixes several security issues.

        Mozilla Browser Scope Cross-Domain Function or Variable Disclosure

        Jesse Ruderman has reported a vulnerability in Mozilla where a
        malicious site may detect whether functions or variables are
        defined in another browser window. The issue is reported to exist
        due to a lack of sufficient access controls enforced on eval()
        calls. An attacker may exploit this issue to potentially enumerate
        browsing habits of an unsuspecting user.

        Mozilla Browser Proxy Server Authentication Credential Disclosure

        Darin Fisher has reported an information disclosure bug in Mozilla.
        When the user connects to a malicious server after successfully
        authenticating to the trusted server, and the malicious proxy,
        using the same realm as the trusted server, sends the user a
        "407 Proxy authentication required" message, Mozilla will send the
        cached authentication credentials from the previous exchange with
        the trusted proxy to the malicious server. This happens regardless
        of the different domain name or IP address of the malicious server.

        Mozilla Custom Getter/Setter Objects Same Origin Policy Violation

        Jesse Ruderman has reported a same origin policy violation
        vulnerability in Mozilla. It has been reported that custom
        getter/setter objects do not possess a check for the Same Origin
        Policy. This may allow the object to be invoked to gain access to
        properties of another domain in a frame or iframe.

        Mozilla URI Sub-Directory Arbitrary Cookie Access Vulnerability

        Stephen P. Morse discovered a problem in the behavior of the cookie
        handling in Mozilla. If similar path attributes exist in two
        separate cookies, it may be possible for a site to gain
        unauthorized access to cookies issued by another site in the same
        domain. The correct behavior is to restrict this type of access
        based both on domain and exact path attribute information.

        Mozilla Browser Cookie Path Restriction Bypass Vulnerability

        Daniel Veditz has reported a vulnerability in Mozilla where a
        malicious site may read cookies from unauthorized paths due to a
        lack of sufficient sanitization performed on cookie paths. A
        malicious cookie path containing certain escape sequences will
        reportedly bypass cookie path access controls. The Common
        Vulnerabilities and Exposures project (cve.mitre.org) has assigned
        the name CAN-2003-0594 to this issue.

        Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code
        Execution

        Brendan Eich has reported a vulnerability in Mozilla that may
        permit remote attackers to execute arbitrary code. The issue is in
        the JavaScript Script.prototype.freeze/thaw functionality. An
        attacker with knowledge of JavaScript bytecode and JavaScript
        engine internals, as well as the native architecture of a client
        system, may theoretically cause arbitrary code to be executed.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7                Mozilla distribution


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/507mp3_vol.tar

        4.2 Verification

        MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Read the Maintenance Pack 3 Release and Installation Notes at

        ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt


5. References

        Specific references for this advisory:
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594
                http://www.securityfocus.com/bid/9322
                http://www.securityfocus.com/bid/9323
                http://www.securityfocus.com/bid/9325
                http://www.securityfocus.com/bid/9326
                http://www.securityfocus.com/bid/9328
                http://www.securityfocus.com/bid/9330

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr889065 fz528708
        erg712531.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        SCO would like to thank Jesse Ruderman, Darin Fisher, Stephen P.
        Morse, Daniel Veditz, Brendan Eich, and the Mozilla team.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBACHcaqoBO7ipriERAtsFAJ9OYWMxcrqGEXbO3jE3ej1M2x9FVQCfS7FJ
Tj7sYxhkzoA2XkRI6cv0Nes=
=wLKz
-----END PGP SIGNATURE-----
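
Added example (not part of the signed advisory, and not Mozilla or SCO code): the proxy credential disclosure described in section 1, modelled as a credential cache keyed by realm alone beside one keyed by proxy host, port and realm. The class names, host names and credential string are constructed for illustration.

```javascript
// Added illustration: class names, hosts and credentials are constructed, not Mozilla code.

// Weak cache: credentials are stored and looked up by realm string alone.
class RealmOnlyCache {
  constructor() { this.entries = new Map(); }
  key(host, port, realm) { return realm; }
  store(host, port, realm, cred) { this.entries.set(this.key(host, port, realm), cred); }
  lookup(host, port, realm) { return this.entries.get(this.key(host, port, realm)) || null; }
}

// Corrected cache: the key binds the realm to the proxy host and port
// that issued the original challenge.
class EndpointBoundCache extends RealmOnlyCache {
  key(host, port, realm) {
    return JSON.stringify([host.toLowerCase(), Number(port), realm]);
  }
}

// Extract the realm from a Proxy-Authenticate header value.
function parseRealm(headerValue) {
  const m = /\brealm="((?:[^"\\]|\\.)*)"/i.exec(headerValue);
  return m ? m[1] : null;
}

// What the client would put in Proxy-Authorization after a 407 from host:port.
function answer407(cache, host, port, proxyAuthenticate) {
  const realm = parseRealm(proxyAuthenticate);
  return realm === null ? null : cache.lookup(host, port, realm);
}

// Authenticate once to the trusted proxy, then receive a 407 with the same
// realm from a different proxy. All values are constructed.
function replay(CacheClass) {
  const cache = new CacheClass();
  cache.store("proxy.corp.example", 3128, "corp", "Basic constructed-token");
  const challenge = 'Basic realm="corp"';
  return {
    trusted: answer407(cache, "proxy.corp.example", 3128, challenge),
    other: answer407(cache, "proxy.other.example", 3128, challenge),
  };
}
```

With the realm-only cache, replay() returns the stored credentials for both proxies; with the endpoint-bound cache, the second proxy gets null and the client must prompt the user instead.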
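
Added example (not part of the signed advisory, and not Mozilla or SCO code): a cookie path check covering the two cookie issues in section 1, comparing a raw prefix match with one that decodes escapes, resolves dot segments and requires a segment boundary. The advisory does not name the escape sequence involved; the percent-encoded dot segments, function names and cookie jar used here are constructed assumptions.

```javascript
// Added illustration: function names and the cookie jar are constructed, not Mozilla code.

// Decode percent-escapes once and resolve "." / ".." segments before comparing.
// Trailing slashes are dropped, a simplification for this example.
function canonicalPath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed escape sequence: never matches
  }
  const out = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Weak check: raw string prefix, no decoding, no segment boundary.
function naivePathMatches(cookiePath, requestPath) {
  return requestPath.startsWith(cookiePath);
}

// Hardened check: compare canonical forms and require a "/" boundary.
function strictPathMatches(cookiePath, requestPath) {
  const c = canonicalPath(cookiePath);
  const r = canonicalPath(requestPath);
  if (c === null || r === null) return false;
  return c === "/" || r === c || r.startsWith(c + "/");
}

// Names of the cookies that would be sent for a request, given a matcher.
function cookiesFor(jar, host, requestPath, matcher) {
  return jar
    .filter((ck) => ck.domain === host.toLowerCase())
    .filter((ck) => matcher(ck.path, requestPath))
    .map((ck) => ck.name);
}

// Constructed jar: two applications on one host, each with its own path.
const SAMPLE_JAR = [
  { name: "sid_app", domain: "www.example.test", path: "/app" },
  { name: "sid_other", domain: "www.example.test", path: "/other" },
];
```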