Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of security vulnerabilities in mozilla are addressed by this
update for Mandrakelinux 10.0 users, including a fix for frame
spoofing, a fixed popup XPInstall/security dialog bug, a fix for
untrusted chrome calls, a fix for SSL certificate spoofing, a fix for
stealing secure HTTP Auth passwords via DNS spoofing, a fix for
insecure matching of cert names for non-FQDNs, a fix for focus
redefinition from another domain, a fix for a SOAP parameter overflow,
a fix for text drag on file entry, a fix for certificate DoS, and a
fix for lock icon and cert spoofing.

Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been
rebuilt to use the system libjpeg and libpng which addresses
vulnerabilities discovered in libpng (ref: MDKSA-2004:079).

See also :

http://bugzilla.mozilla.org/show_bug.cgi?id=149478
http://bugzilla.mozilla.org/show_bug.cgi?id=162020
http://bugzilla.mozilla.org/show_bug.cgi?id=206859
http://bugzilla.mozilla.org/show_bug.cgi?id=226278
http://bugzilla.mozilla.org/show_bug.cgi?id=229374
http://bugzilla.mozilla.org/show_bug.cgi?id=234058
http://bugzilla.mozilla.org/show_bug.cgi?id=236618
http://bugzilla.mozilla.org/show_bug.cgi?id=239580
http://bugzilla.mozilla.org/show_bug.cgi?id=240053
http://bugzilla.mozilla.org/show_bug.cgi?id=244965
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://bugzilla.mozilla.org/show_bug.cgi?id=249004
http://bugzilla.mozilla.org/show_bug.cgi?id=253121
http://bugzilla.mozilla.org/show_bug.cgi?id=86028

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now