RHEL 2.1 / 3 : mozilla (RHSA-2004:421)

critical Nessus Plugin ID 14214

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release :

Zen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0722 to this issue.

During a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CVE-2004-0597, CVE-2004-0599)

Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CVE-2004-0757)

Marcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CVE-2004-0758)

Met - Martin Hassman reported a flaw in Mozilla that could allow malicious JavaScript code to upload local files from a users machine without requiring confirmation. (CVE-2004-0759)

Mindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CVE-2004-0760)

Mozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CVE-2004-0718)

Tolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CVE-2004-0761)

Jesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CVE-2004-0762)

Emmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and JavaScript that uses the 'onunload' method.
(CVE-2004-0763)

Mozilla allowed malicious websites to hijack the user interface via the 'chrome' flag and XML User Interface Language (XUL) files.
(CVE-2004-0764)

The cert_TestHostName function in Mozilla only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This flaw could be used for spoofing if an attacker had control of machines on a default DNS search path. (CVE-2004-0765)

All users are advised to update to these erratum packages which contain a snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable to these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0597

https://access.redhat.com/security/cve/cve-2004-0599

https://access.redhat.com/security/cve/cve-2004-0718

https://access.redhat.com/security/cve/cve-2004-0722

https://access.redhat.com/security/cve/cve-2004-0757

https://access.redhat.com/security/cve/cve-2004-0758

https://access.redhat.com/security/cve/cve-2004-0759

https://access.redhat.com/security/cve/cve-2004-0760

https://access.redhat.com/security/cve/cve-2004-0761

https://access.redhat.com/security/cve/cve-2004-0762

https://access.redhat.com/security/cve/cve-2004-0763

https://access.redhat.com/security/cve/cve-2004-0764

https://access.redhat.com/security/cve/cve-2004-0765

https://bugzilla.mozilla.org/show_bug.cgi?id=236618

https://bugzilla.mozilla.org/show_bug.cgi?id=251381

https://bugzilla.mozilla.org/show_bug.cgi?id=229374

https://bugzilla.mozilla.org/show_bug.cgi?id=249004

https://bugzilla.mozilla.org/show_bug.cgi?id=241924

https://bugzilla.mozilla.org/show_bug.cgi?id=250906

https://bugzilla.mozilla.org/show_bug.cgi?id=246448

https://bugzilla.mozilla.org/show_bug.cgi?id=240053

https://bugzilla.mozilla.org/show_bug.cgi?id=162020

https://bugzilla.mozilla.org/show_bug.cgi?id=253121

https://bugzilla.mozilla.org/show_bug.cgi?id=244965

https://bugzilla.mozilla.org/show_bug.cgi?id=234058

https://access.redhat.com/errata/RHSA-2004:421

Plugin Details

Severity: Critical

ID: 14214

File Name: redhat-RHSA-2004-421.nasl

Version: 1.36

Type: local

Agent: unix

Published: 8/5/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:galeon, p-cpe:/a:redhat:enterprise_linux:mozilla, p-cpe:/a:redhat:enterprise_linux:mozilla-chat, p-cpe:/a:redhat:enterprise_linux:mozilla-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector, p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger, p-cpe:/a:redhat:enterprise_linux:mozilla-mail, p-cpe:/a:redhat:enterprise_linux:mozilla-nspr, p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-nss, p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel, cpe:/o:redhat:enterprise_linux:2.1, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/4/2004

Vulnerability Publication Date: 7/27/2004

Reference Information

CVE: CVE-2004-0597, CVE-2004-0599, CVE-2004-0718, CVE-2004-0722, CVE-2004-0757, CVE-2004-0758, CVE-2004-0759, CVE-2004-0760, CVE-2004-0761, CVE-2004-0762, CVE-2004-0763, CVE-2004-0764, CVE-2004-0765

RHSA: 2004:421