RHEL 2.1 / 3 : mozilla (RHSA-2004:421)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated mozilla packages based on version 1.4.3 that fix a number of
security issues for Red Hat Enterprise Linux are now available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A number of flaws have been found in Mozilla 1.4 that have been fixed
in the Mozilla 1.4.3 release :

Zen Parse reported improper input validation to the SOAPParameter
object constructor leading to an integer overflow and controllable
heap corruption. Malicious JavaScript could be written to utilize this
flaw and could allow arbitrary code execution. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0722 to this issue.

During a source code audit, Chris Evans discovered a buffer overflow
and integer overflows which affect the libpng code inside Mozilla. An
attacker could create a carefully crafted PNG file in such a way that
it would cause Mozilla to crash or execute arbitrary code when the
image was viewed. (CVE-2004-0597, CVE-2004-0599)

Zen Parse reported a flaw in the POP3 capability. A malicious POP3
server could send a carefully crafted response that would cause a heap
overflow and potentially allow execution of arbitrary code as the user
running Mozilla. (CVE-2004-0757)

Marcel Boesch found a flaw that allows a CA certificate to be imported
with a DN the same as that of the built-in CA root certificates, which
can cause a denial of service to SSL pages, as the malicious
certificate is treated as invalid. (CVE-2004-0758)

Met - Martin Hassman reported a flaw in Mozilla that could allow
malicious JavaScript code to upload local files from a users machine
without requiring confirmation. (CVE-2004-0759)

Mindlock Security reported a flaw in ftp URI handling. By using a NULL
character (%00) in a ftp URI, Mozilla can be confused into opening a
resource as a different MIME type. (CVE-2004-0760)

Mozilla does not properly prevent a frame in one domain from injecting
content into a frame that belongs to another domain, which facilitates
website spoofing and other attacks, also known as the frame injection
vulnerability. (CVE-2004-0718)

Tolga Tarhan reported a flaw that can allow a malicious webpage to use
a redirect sequence to spoof the security lock icon that makes a
webpage appear to be encrypted. (CVE-2004-0761)

Jesse Ruderman reported a security issue that affects a number of
browsers including Mozilla that could allow malicious websites to
install arbitrary extensions by using interactive events to manipulate
the XPInstall Security dialog box. (CVE-2004-0762)

Emmanouel Kellinis discovered a caching flaw in Mozilla which allows
malicious websites to spoof certificates of trusted websites via
redirects and JavaScript that uses the 'onunload' method.
(CVE-2004-0763)

Mozilla allowed malicious websites to hijack the user interface via
the 'chrome' flag and XML User Interface Language (XUL) files.
(CVE-2004-0764)

The cert_TestHostName function in Mozilla only checks the hostname
portion of a certificate when the hostname portion of the URI is not a
fully qualified domain name (FQDN). This flaw could be used for
spoofing if an attacker had control of machines on a default DNS
search path. (CVE-2004-0765)

All users are advised to update to these erratum packages which
contain a snapshot of Mozilla 1.4.3 including backported fixes and are
not vulnerable to these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0597.html
https://www.redhat.com/security/data/cve/CVE-2004-0599.html
https://www.redhat.com/security/data/cve/CVE-2004-0718.html
https://www.redhat.com/security/data/cve/CVE-2004-0722.html
https://www.redhat.com/security/data/cve/CVE-2004-0757.html
https://www.redhat.com/security/data/cve/CVE-2004-0758.html
https://www.redhat.com/security/data/cve/CVE-2004-0759.html
https://www.redhat.com/security/data/cve/CVE-2004-0760.html
https://www.redhat.com/security/data/cve/CVE-2004-0761.html
https://www.redhat.com/security/data/cve/CVE-2004-0762.html
https://www.redhat.com/security/data/cve/CVE-2004-0763.html
https://www.redhat.com/security/data/cve/CVE-2004-0764.html
https://www.redhat.com/security/data/cve/CVE-2004-0765.html
http://bugzilla.mozilla.org/show_bug.cgi?id=236618
http://bugzilla.mozilla.org/show_bug.cgi?id=251381
http://bugzilla.mozilla.org/show_bug.cgi?id=229374
http://bugzilla.mozilla.org/show_bug.cgi?id=249004
http://bugzilla.mozilla.org/show_bug.cgi?id=241924
http://bugzilla.mozilla.org/show_bug.cgi?id=250906
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://bugzilla.mozilla.org/show_bug.cgi?id=240053
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://bugzilla.mozilla.org/show_bug.cgi?id=234058
http://rhn.redhat.com/errata/RHSA-2004-421.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true