GLSA-200507-24 : Mozilla Suite: Multiple vulnerabilities
Medium Nessus Plugin ID 19326
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200507-24 (Mozilla Suite: Multiple vulnerabilities)
The following vulnerabilities were found and fixed in the Mozilla Suite:
'moz_bug_r_a4' and 'shutdown' discovered that the Mozilla Suite was improperly cloning base objects (MFSA 2005-56).
'moz_bug_r_a4' reported that the suite failed to validate XHTML DOM nodes properly (MFSA 2005-55).
Andreas Sandblad of Secunia reported that top.focus() can be called in the context of a child frame even if the framing page comes from a different origin and has overridden the focus() routine (MFSA 2005-52).
Secunia reported that a frame-injection spoofing bug, which was fixed in earlier versions, was accidentally bypassed in Mozilla Suite 1.7.7 (MFSA 2005-51).
'shutdown' reported that InstallVersion.compareTo() might be exploitable. When it gets an object rather than a string, the browser would generally crash with an access violation (MFSA 2005-50).
Matthew Mastracci reported that by forcing a page navigation immediately after calling the install method, the callback function can end up running in the context of the new page selected by the attacker (MFSA 2005-48).
Omar Khan, Jochen, 'shutdown' and Matthew Mastracci reported that the Mozilla Suite incorrectly distinguished between true events like mouse clicks or keystrokes and synthetic events generated by web content (MFSA 2005-45).
There is no known workaround at this time.
Solution
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.10'
All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.10'