CentOS 4 : mozilla (CESA-2005:386)
High Nessus Plugin ID 21931
Synopsis
The remote CentOS host is missing one or more security updates.
Description
Updated mozilla packages that fix various security bugs are now available.
This update has been rated as having Important security impact by the Red Hat Security Response Team.
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Vladimir V. Perepelitsa discovered a bug in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0989 to this issue.
Michael Krax discovered a bug in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and steal sensitive information. (CVE-2005-1156, CVE-2005-1157)
Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues.
Solution
Update the affected mozilla packages.