CentOS ProjectCESA-2006:0329-01galeon, mozilla security update
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
CentOS Errata and Security Advisory CESA-2006:0329-01
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
Several bugs were found in the way Mozilla processes malformed javascript.
A malicious web page could modify the content of a different open web
page, possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)
Several bugs were found in the way Mozilla processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of “chrome”, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)
Several bugs were found in the way Mozilla processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Mozilla. (CVE-2006-0748, CVE-2006-0749,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)
A bug was found in the way Mozilla displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)
A bug was found in the way Mozilla allows javascript mutation events on
“input” form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)
A bug was found in the way Mozilla executes in-line mail forwarding. If a
user can be tricked into forwarding a maliciously crafted mail message as
in-line content, it is possible for the message to execute javascript with
the permissions of “chrome”. (CVE-2006-0884)
Users of Mozilla are advised to upgrade to these updated packages
containing Mozilla version 1.7.13 which corrects these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-April/074990.html
Affected packages:
galeon
mozilla
mozilla-chat
mozilla-devel
mozilla-dom-inspector
mozilla-js-debugger
mozilla-mail
mozilla-nspr
mozilla-nspr-devel
mozilla-nss
mozilla-nss-devel
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 2 | i386 | galeon | < 1.2.14-1.2.8 | galeon-1.2.14-1.2.8.i386.rpm |
| CentOS | 2 | i386 | mozilla | < 1.7.13-1.1.2.2.c2.1 | mozilla-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-chat | < 1.7.13-1.1.2.2.c2.1 | mozilla-chat-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-devel | < 1.7.13-1.1.2.2.c2.1 | mozilla-devel-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-dom-inspector | < 1.7.13-1.1.2.2.c2.1 | mozilla-dom-inspector-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-js-debugger | < 1.7.13-1.1.2.2.c2.1 | mozilla-js-debugger-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-mail | < 1.7.13-1.1.2.2.c2.1 | mozilla-mail-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-nspr | < 1.7.13-1.1.2.2.c2.1 | mozilla-nspr-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-nspr-devel | < 1.7.13-1.1.2.2.c2.1 | mozilla-nspr-devel-1.7.13-1.1.2.2.c2.1.i386.rpm |
| CentOS | 2 | i386 | mozilla-nss | < 1.7.13-1.1.2.2.c2.1 | mozilla-nss-1.7.13-1.1.2.2.c2.1.i386.rpm |
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%