mozilla security update

2005-09-11T23:22:26
ID CESA-2005:769-01
Type centos
Reporter CentOS Project
Modified 2005-09-11T23:22:26

Description

CentOS Errata and Security Advisory CESA-2005:769-01

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A bug was found in the way Mozilla processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Mozilla to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2871 to this issue.

Users of Mozilla are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-September/012157.html

Affected packages: mozilla mozilla-chat mozilla-devel mozilla-dom-inspector mozilla-js-debugger mozilla-mail mozilla-nspr mozilla-nspr-devel mozilla-nss mozilla-nss-devel

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html