RedHatRHSA-2005:386(RHSA-2005:386) Mozilla security update
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.953 High
EPSS
Percentile
99.2%
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
Vladimir V. Perepelitsa discovered a bug in the way Mozilla handles
anonymous functions during regular expression string replacement. It is
possible for a malicious web page to capture a random block of browser
memory. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0989 to this issue.
Doron Rosenberg discovered a bug in the way Mozilla displays pop-up
windows. If a user choses to open a pop-up window whose URL is malicious
javascript, the script will be executed with elevated privileges.
(CAN-2005-1153)
A bug was found in the way Mozilla handles the javascript global scope for
a window. It is possible for a malicious web page to define a global
variable known to be used by a different site, allowing malicious code to
be executed in the context of the site. (CAN-2005-1154)
Michael Krax discovered a bug in the way Mozilla handles favicon links. A
malicious web page can programatically define a favicon link tag as
javascript, executing arbitrary javascript with elevated privileges.
(CAN-2005-1155)
Michael Krax discovered a bug in the way Mozilla installed search plugins.
If a user chooses to install a search plugin from a malicious site, the new
plugin could silently overwrite an existing plugin. This could allow the
malicious plugin to execute arbitrary code and stealm sensitive
information. (CAN-2005-1156 CAN-2005-1157)
A bug was found in the way Mozilla validated several XPInstall related
javascript objects. A malicious web page could pass other objects to the
XPInstall objects, resulting in the javascript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)
A bug was found in the way the Mozilla privileged UI code handled DOM nodes
from the content window. A malicious web page could install malicious
javascript code or steal data requiring a user to do commonplace actions
such as clicking a link or opening the context menu. (CAN-2005-1160)
Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.7 to correct these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ia64 | mozilla-mail | < 1.7.7-1.4.2 | mozilla-mail-1.7.7-1.4.2.ia64.rpm |
| RedHat | any | x86_64 | mozilla | < 1.7.7-1.4.2 | mozilla-1.7.7-1.4.2.x86_64.rpm |
| RedHat | any | x86_64 | mozilla-mail | < 1.7.7-1.4.2 | mozilla-mail-1.7.7-1.4.2.x86_64.rpm |
| RedHat | any | s390 | mozilla-nss-devel | < 1.7.7-1.4.2 | mozilla-nss-devel-1.7.7-1.4.2.s390.rpm |
| RedHat | any | s390 | mozilla-js-debugger | < 1.7.7-1.4.2 | mozilla-js-debugger-1.7.7-1.4.2.s390.rpm |
| RedHat | any | i386 | mozilla-dom-inspector | < 1.7.7-1.4.2 | mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm |
| RedHat | any | src | devhelp | < 0.9.2-2.4.4 | devhelp-0.9.2-2.4.4.src.rpm |
| RedHat | any | ia64 | mozilla-devel | < 1.7.7-1.4.2 | mozilla-devel-1.7.7-1.4.2.ia64.rpm |
| RedHat | any | s390 | mozilla-nss | < 1.7.7-1.4.2 | mozilla-nss-1.7.7-1.4.2.s390.rpm |
| RedHat | any | ppc | devhelp-devel | < 0.9.2-2.4.4 | devhelp-devel-0.9.2-2.4.4.ppc.rpm |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.953 High
EPSS
Percentile
99.2%