Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New Mozilla packages are available for Slackware 9.1, 10.0, and
-current to fix a number of security issues. Slackware 10.0 and
-current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was
upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require
new versions of things that link with the Mozilla libraries, so for
Slackware 10.0 and -current new versions of epiphany, galeon, gaim,
and mozilla-plugins have also been provided. There don't appear to be
epiphany and galeon versions that are compatible with Mozilla 1.4.3
and the GNOME in Slackware 9.1, so these are not provided and Epiphany
and Galeon will be broken on Slackware 9.1 if the new Mozilla package
is installed. Furthermore, earlier versions of Mozilla (such as the
1.3 series) were not fixed upstream, so versions of Slackware earlier
than 9.1 will remain vulnerable to these browser issues. If you still
use Slackware 9.0 or earlier, you may want to consider removing
Mozilla or upgrading to a newer version.

See also :

http://www.nessus.org/u?38dd43e4

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true