How to Buy
This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated mozilla packages that fix a number of security issues are now
Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.
Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If
or page, it becomes possible for an attacker to steal or modify
sensitive information from that site. Additionally, if a user is
tricked into dragging two links in sequence to another window (not
frame), it is possible for the attacker to execute arbitrary commands.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0905 to this issue.
Gael Delalleau discovered an integer overflow which affects the BMP
handling code inside Mozilla. An attacker could create a carefully
crafted BMP file in such a way that it would cause Mozilla to crash or
execute arbitrary code when the image is viewed. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0904 to this issue.
Georgi Guninski discovered a stack-based buffer overflow in the vCard
display routines. An attacker could create a carefully crafted vCard
file in such a way that it would cause Mozilla to crash or execute
arbitrary code when viewed. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0903 to this
the clipboard. It is possible that an attacker could use malicious
clipboard. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.
Georgi Guninski discovered a heap based buffer overflow in the 'Send
Page' feature. It is possible that an attacker could construct a link
in such a way that a user attempting to forward it could result in a
crash or arbitrary code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902
to this issue.
Users of Mozilla should update to these updated packages, which
contain backported patches and are not vulnerable to these issues.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 15409 ()
CVE ID: CVE-2004-0902CVE-2004-0903CVE-2004-0904CVE-2004-0905CVE-2004-0908
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.