GLSA-200703-05 : Mozilla Suite: Multiple vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200703-05
(Mozilla Suite: Multiple vulnerabilities)

Several vulnerabilities ranging from code execution with elevated
privileges to information leaks affect the Mozilla Suite.

Impact :

A remote attacker could entice a user to browse to a specially crafted
website or open a specially crafted mail that could trigger some of the
vulnerabilities, potentially allowing execution of arbitrary code,
denials of service, information leaks, or cross-site scripting attacks
leading to the robbery of cookies of authentication credentials.

Workaround :

Most of the issues, but not all of them, can be prevented by disabling
the HTML rendering in the mail client and JavaScript on every
application.

See also :

http://www.nessus.org/u?7f20085f
http://www.gentoo.org/security/en/glsa/glsa-200703-05.xml

Solution :

The Mozilla Suite is no longer supported and has been masked after some
necessary changes on all the other ebuilds which used to depend on it.
Mozilla Suite users should unmerge www-client/mozilla or
www-client/mozilla-bin, and switch to a supported product, like
SeaMonkey, Thunderbird or Firefox.
# emerge --unmerge 'www-client/mozilla'
# emerge --unmerge 'www-client/mozilla-bin'

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 24772 (gentoo_GLSA-200703-05.nasl)

Bugtraq ID: 22694

CVE ID: