7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.924 High
EPSS
Percentile
98.9%
The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project.
The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox:
The following Firefox-specific vulnerabilities have also been discovered:
The various JavaScript execution with elevated privileges issues can be exploited by a remote attacker to install malicious code or steal data. The memory disclosure issue can be used to reveal potentially sensitive information. Finally, the cache pollution issue and search plugin abuse can be leveraged in cross-site-scripting attacks.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.3"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.3"
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.7"
All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.7"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-client/mozilla-firefox | < 1.0.3 | UNKNOWN |
Gentoo | any | all | www-client/mozilla-firefox-bin | < 1.0.3 | UNKNOWN |
Gentoo | any | all | www-client/mozilla | < 1.7.7 | UNKNOWN |
Gentoo | any | all | www-client/mozilla-bin | < 1.7.7 | UNKNOWN |