Detections
Analytics
GLSA-200703-05 : Mozilla Suite: Multiple vulnerabilities
medium Nessus Plugin ID 24772
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-200703-05 (Mozilla Suite: Multiple vulnerabilities)Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite.
Impact :
A remote attacker could entice a user to browse to a specially crafted website or open a specially crafted mail that could trigger some of the vulnerabilities, potentially allowing execution of arbitrary code, denials of service, information leaks, or cross-site scripting attacks leading to the robbery of cookies of authentication credentials.
Workaround :
Most of the issues, but not all of them, can be prevented by disabling the HTML rendering in the mail client and JavaScript on every application.
Solution
The Mozilla Suite is no longer supported and has been masked after some necessary changes on all the other ebuilds which used to depend on it.Mozilla Suite users should unmerge www-client/mozilla or www-client/mozilla-bin, and switch to a supported product, like SeaMonkey, Thunderbird or Firefox.
# emerge --unmerge 'www-client/mozilla' # emerge --unmerge 'www-client/mozilla-bin'
See Also
Plugin Details
Severity: Medium
ID: 24772
File Name: gentoo_GLSA-200703-05.nasl
Version: 1.16
Type: local
Family: Gentoo Local Security Checks
Published: 3/6/2007
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:gentoo:linux:mozilla, p-cpe:/a:gentoo:linux:mozilla-bin, cpe:/o:gentoo:linux
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Ease: No known exploits are available
Patch Publication Date: 3/3/2007
Reference Information
BID: 21240, 22396, 22566, 22694
GLSA: 200703-05