RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:587)
High Nessus Plugin ID 19285
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated mozilla packages that fix various security issues are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
A bug was found in the way Mozilla installed its extensions. If a user can be tricked into visiting a malicious webpage, it may be possible to obtain sensitive information such as cookies or passwords.
A bug was found in the way Mozilla handled multiple frame domains. It is possible for a frame as part of a malicious website to inject content into a frame that belongs to another domain. This issue was previously fixed as CVE-2004-0718 but was accidentally disabled.
A bug was found in the way Mozilla handled child frames. It is possible for a malicious framed page to steal sensitive information from its parent page. (CVE-2005-2266)
A bug was found in the way Mozilla cloned base objects. It is possible for Web content to traverse the prototype chain to gain access to privileged chrome objects. (CVE-2005-2270)
Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.7.10 and are not vulnerable to these issues.
SolutionUpdate the affected packages.