RHEL 2.1 : mozilla (RHSA-2003:163)

High Nessus Plugin ID 12394


The remote Red Hat host is missing one or more security updates.


Updated Mozilla packages that fix various bugs and security issues in previous versions of Mozilla are now available.

Mozilla is an open source Web browser.

A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

These errata packages upgrade Mozilla to version 1.0.2, which is not vulnerable to this issue. Mozilla 1.0.2 also contains a number of other stability and security updates.


Update the affected packages.

See Also




Plugin Details

Severity: High

ID: 12394

File Name: redhat-RHSA-2003-163.nasl

Version: $Revision: 1.20 $

Type: local

Agent: unix

Published: 2004/07/06

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:galeon, p-cpe:/a:redhat:enterprise_linux:mozilla, p-cpe:/a:redhat:enterprise_linux:mozilla-chat, p-cpe:/a:redhat:enterprise_linux:mozilla-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector, p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger, p-cpe:/a:redhat:enterprise_linux:mozilla-mail, p-cpe:/a:redhat:enterprise_linux:mozilla-nspr, p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-nss, p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-psm, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2003/10/15

Vulnerability Publication Date: 2002/11/14

Reference Information

CVE: CVE-2002-1308

OSVDB: 14202

RHSA: 2003:163