Executive Summary
Summary | |
---|---|
Title | mozilla security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:769 | First vendor Publication | 2005-09-09 |
Vendor | RedHat | Last vendor Modification | 2005-09-09 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated mozilla package that fixes a security bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Mozilla to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2871 to this issue. Users of Mozilla are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 167934 - CAN-2005-2871 Mozilla buffer overflow |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-769.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1287 | |||
Oval ID: | oval:org.mitre.oval:def:1287 | ||
Title: | Mozilla IDN heap overrun using soft-hyphens | ||
Description: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2871 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:584 | |||
Oval ID: | oval:org.mitre.oval:def:584 | ||
Title: | Mozilla IDN heap overrun using soft-hyphens | ||
Description: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-2871 | Version: | 3 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9608 | |||
Oval ID: | oval:org.mitre.oval:def:9608 | ||
Title: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Description: | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2871 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-05-05 | Name : HP-UX Update for Mozilla remote HPSBUX01133 File : nvt/gb_hp_ux_HPSBUX01133.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-11 (mozilla) File : nvt/glsa_200509_11.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox19.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 837-1 (mozilla-firefox) File : nvt/deb_837_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 866-1 (mozilla) File : nvt/deb_866_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 868-1 (mozilla-thunderbird) File : nvt/deb_868_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59850 | Netscape International Domain Name (IDN) URL Domain Name Overflow |
19255 | Mozilla Multiple Browser International Domain Name (IDN) URL Domain Name Over... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17222 - Revision : 10 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17221 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17220 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox domain name handling buffer overflow attempt RuleID : 17219 - Revision : 12 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-791.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-768.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-769.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8665ebb9223711da978e0001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-181-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-174.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-868.nasl - Type : ACT_GATHER_INFO |
2005-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-866.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-791.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-962.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-963.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-11.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-170.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-837.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-871.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-872.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-873.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-874.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : A web browser on the remote host is prone to multiple flaws, including arbitr... File : mozilla_firefox_106.nasl - Type : ACT_GATHER_INFO |
2005-09-14 | Name : The remote version of Mozilla Thunderbird suffers from several flaws. File : mozilla_thunderbird_107.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-768.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-769.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:40 |
|