RHEL 2.1 / 3 : mozilla (RHSA-2005:323)

high Nessus Plugin ID 17624

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated mozilla packages that fix various bugs are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue.

A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1380 to this issue.

A bug was found in the way Mozilla allowed plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0232 to this issue.

A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0149 to this issue.

A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0147 to this issue.

A bug was found in the way Mozilla handles certain start tags followed by a NULL character. A malicious web page could cause Mozilla to crash when viewed by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1613 to this issue.

A bug was found in the way Mozilla sets file permissions when installing XPI packages. It is possible for an XPI package to install some files world readable or writable, allowing a malicious local user to steal information or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0906 to this issue.

A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0141 to this issue.

A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0144 to this issue.

Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.4.4 and additional backported patches to correct these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0906

https://access.redhat.com/security/cve/cve-2004-1380

https://access.redhat.com/security/cve/cve-2004-1613

https://access.redhat.com/security/cve/cve-2005-0141

https://access.redhat.com/security/cve/cve-2005-0144

https://access.redhat.com/security/cve/cve-2005-0147

https://access.redhat.com/security/cve/cve-2005-0149

https://access.redhat.com/security/cve/cve-2005-0232

https://access.redhat.com/security/cve/cve-2005-0399

https://access.redhat.com/errata/RHSA-2005:323

Plugin Details

Severity: High

ID: 17624

File Name: redhat-RHSA-2005-323.nasl

Version: 1.24

Type: local

Agent: unix

Published: 3/25/2005

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:galeon, p-cpe:/a:redhat:enterprise_linux:mozilla, p-cpe:/a:redhat:enterprise_linux:mozilla-chat, p-cpe:/a:redhat:enterprise_linux:mozilla-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector, p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger, p-cpe:/a:redhat:enterprise_linux:mozilla-mail, p-cpe:/a:redhat:enterprise_linux:mozilla-nspr, p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-nss, p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel, cpe:/o:redhat:enterprise_linux:2.1, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 3/23/2005

Vulnerability Publication Date: 10/18/2004

Reference Information

CVE: CVE-2004-0906, CVE-2004-1380, CVE-2004-1613, CVE-2005-0141, CVE-2005-0144, CVE-2005-0147, CVE-2005-0149, CVE-2005-0232, CVE-2005-0399

RHSA: 2005:323