7.5 - RHSA-2005:435

Executive Summary

Summary
Title	mozilla security update

Informations
Name	RHSA-2005:435	First vendor Publication	2005-05-23
Vendor	RedHat	Last vendor Modification	2005-05-23
Severity (Vendor)	Important	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated mozilla packages that fix various security bugs are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several bugs were found in the way Mozilla executes javascript code. Javascript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute javascript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-1476, CAN-2005-1477, CAN-2005-1531, and CAN-2005-1532 to these issues.

Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.14-1.2.5.src.rpm 4af4ef3c2227af8f776425c9d1bbc281 galeon-1.2.14-1.2.5.src.rpm ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.7.8-1.1.2.1.src.rpm 8a34bfad0cf67f237dff6361157ae06e mozilla-1.7.8-1.1.2.1.src.rpm

i386: 0d57746e65417719999e5829f5551ce8 galeon-1.2.14-1.2.5.i386.rpm 6b5e9c8e06ada5a63ce0fae0709bdf5e mozilla-1.7.8-1.1.2.1.i386.rpm d489fab35d5b56b3d3ac195ca8f95722 mozilla-chat-1.7.8-1.1.2.1.i386.rpm c700e7769c9f726d9fee71e2a92ead3f mozilla-devel-1.7.8-1.1.2.1.i386.rpm ad0afbfd7d41d05d60e47c4af636738f mozilla-dom-inspector-1.7.8-1.1.2.1.i386.rpm 2e9a40b46f34782810704a8e961c92b2 mozilla-js-debugger-1.7.8-1.1.2.1.i386.rpm 172f647e7eb962ee1659afa9c60c4791 mozilla-mail-1.7.8-1.1.2.1.i386.rpm 0fb9e6b246e579b41c41644ebacc8d32 mozilla-nspr-1.7.8-1.1.2.1.i386.rpm 6ed8d6aba58e45a3458524562117e62d mozilla-nspr-devel-1.7.8-1.1.2.1.i386.rpm 46d3552771e8425c08b878b8eceb61df mozilla-nss-1.7.8-1.1.2.1.i386.rpm 66930f01ee46e52b8d91ac42c59c50e6 mozilla-nss-devel-1.7.8-1.1.2.1.i386.rpm

ia64: 61864d5181a383178f1d04a45a934bcf galeon-1.2.14-1.2.5.ia64.rpm 200b07850adcbd520797ef5df5303d05 mozilla-1.7.8-1.1.2.1.ia64.rpm b43bcd118155d74a52f23ec119a5608d mozilla-chat-1.7.8-1.1.2.1.ia64.rpm 03464e784fdb548b406f79f82d05041d mozilla-devel-1.7.8-1.1.2.1.ia64.rpm 9db5e619a99bd1bffc58240c493f9f3d mozilla-dom-inspector-1.7.8-1.1.2.1.ia64.rpm edb91fd591647b55c671bfd5ac4f32b9 mozilla-js-debugger-1.7.8-1.1.2.1.ia64.rpm 9114877d323cf0c40ca88853b68019f0 mozilla-mail-1.7.8-1.1.2.1.ia64.rpm bc433f7c6ad1ac40d0ee6cbbc4145834 mozilla-nspr-1.7.8-1.1.2.1.ia64.rpm 0b72848a620aff45e07a357c329ca278 mozilla-nspr-devel-1.7.8-1.1.2.1.ia64.rpm 0a60c2f6e40b8417f94930e1448ee70f mozilla-nss-1.7.8-1.1.2.1.ia64.rpm e54f185c50c77d66aa4a2c1c8502856a mozilla-nss-devel-1.7.8-1.1.2.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/galeon-1.2.14-1.2.5.src.rpm 4af4ef3c2227af8f776425c9d1bbc281 galeon-1.2.14-1.2.5.src.rpm ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.7.8-1.1.2.1.src.rpm 8a34bfad0cf67f237dff6361157ae06e mozilla-1.7.8-1.1.2.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.14-1.2.5.src.rpm 4af4ef3c2227af8f776425c9d1bbc281 galeon-1.2.14-1.2.5.src.rpm ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.7.8-1.1.2.1.src.rpm 8a34bfad0cf67f237dff6361157ae06e mozilla-1.7.8-1.1.2.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.14-1.2.5.src.rpm 4af4ef3c2227af8f776425c9d1bbc281 galeon-1.2.14-1.2.5.src.rpm ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.7.8-1.1.2.1.src.rpm 8a34bfad0cf67f237dff6361157ae06e mozilla-1.7.8-1.1.2.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.7.8-1.1.3.1.src.rpm 3dc5aeab418a1defa6bbc4bb442338d8 mozilla-1.7.8-1.1.3.1.src.rpm

i386: 870ac68a360eca871a301e71a0fd4987 mozilla-1.7.8-1.1.3.1.i386.rpm ce3a9c2b7880084c94e76ccef28ce64b mozilla-chat-1.7.8-1.1.3.1.i386.rpm 0b11fb477e6e6f7b375b03db705a8195 mozilla-devel-1.7.8-1.1.3.1.i386.rpm efb75d10b662a39126ec600b794f3f1e mozilla-dom-inspector-1.7.8-1.1.3.1.i386.rpm f5230481c55138d42959a368eee0dbaf mozilla-js-debugger-1.7.8-1.1.3.1.i386.rpm e8d6887bbd2938a9c0ba49d1943e26d4 mozilla-mail-1.7.8-1.1.3.1.i386.rpm fb9c5334077e22a664547e7aca56134d mozilla-nspr-1.7.8-1.1.3.1.i386.rpm 3a3d8f63fb8bf1919e16330b86f200fa mozilla-nspr-devel-1.7.8-1.1.3.1.i386.rpm c4a5e58156cc27f79340fb3197df2aa5 mozilla-nss-1.7.8-1.1.3.1.i386.rpm ae7d32f41c0608c574bc5da9bcdbb31d mozilla-nss-devel-1.7.8-1.1.3.1.i386.rpm

ia64: 3da634df2d209c52baab5109fd4a7414 mozilla-1.7.8-1.1.3.1.ia64.rpm 88beb68f5cbee8b6c6be7a5f59820831 mozilla-chat-1.7.8-1.1.3.1.ia64.rpm b54b805f7285279c750e8d9976a1bbb7 mozilla-devel-1.7.8-1.1.3.1.ia64.rpm 919f5501862aef75aad8cce3fd01946a mozilla-dom-inspector-1.7.8-1.1.3.1.ia64.rpm 1d59302416938a8bed27829f0090e56e mozilla-js-debugger-1.7.8-1.1.3.1.ia64.rpm 7694d70e7371b64c73cd5a0072c6e7d6 mozilla-mail-1.7.8-1.1.3.1.ia64.rpm fb9c5334077e22a664547e7aca56134d mozilla-nspr-1.7.8-1.1.3.1.i386.rpm 375c321030eb255a7d5dae9b5dbd575b mozilla-nspr-1.7.8-1.1.3.1.ia64.rpm f3de5b126bf6a683e920f1de924ed504 mozilla-nspr-devel-1.7.8-1.1.3.1.ia64.rpm c4a5e58156cc27f79340fb3197df2aa5 mozilla-nss-1.7.8-1.1.3.1.i386.rpm 7f4a1a1a7c24e794ee147f371aa1ef84 mozilla-nss-1.7.8-1.1.3.1.ia64.rpm c9cbcc7c6ec7df8996d1621360edc53b mozilla-nss-devel-1.7.8-1.1.3.1.ia64.rpm

ppc: 51486da061be3df29c0aa420e9b5f553 mozilla-1.7.8-1.1.3.1.ppc.rpm 8dee68f395cc5d45d9f6dfae78659359 mozilla-chat-1.7.8-1.1.3.1.ppc.rpm aa09512e7e5233a28186422a069b9ec7 mozilla-devel-1.7.8-1.1.3.1.ppc.rpm cda5ef2aad64e367fc85dec9afbe1d8e mozilla-dom-inspector-1.7.8-1.1.3.1.ppc.rpm 2ece04da6170a66e7cea5b93c7f55912 mozilla-js-debugger-1.7.8-1.1.3.1.ppc.rpm b80b2cdfc27e7d6107cf0cb9af996460 mozilla-mail-1.7.8-1.1.3.1.ppc.rpm 00085d74dfca25be9ac51078158e4877 mozilla-nspr-1.7.8-1.1.3.1.ppc.rpm adbdd30e4ceee4e59338b92b06f5ce7c mozilla-nspr-devel-1.7.8-1.1.3.1.ppc.rpm 55a383f7c0b17d3d5431ef1aedf89a1b mozilla-nss-1.7.8-1.1.3.1.ppc.rpm 8b4ebe25085a97642aff951673ec28bb mozilla-nss-devel-1.7.8-1.1.3.1.ppc.rpm

s390: 82b7172c9610ebe197d52dfaee7ae207 mozilla-1.7.8-1.1.3.1.s390.rpm 146653bf0d1a5fc2152b8aaa1beba1a6 mozilla-chat-1.7.8-1.1.3.1.s390.rpm e29e4f9ac31b1d60f123d35cdad8fe3a mozilla-devel-1.7.8-1.1.3.1.s390.rpm 4f91d82644edc7a10f73a1769a259490 mozilla-dom-inspector-1.7.8-1.1.3.1.s390.rpm 5ac66a74c6703abe2743eefe61819c43 mozilla-js-debugger-1.7.8-1.1.3.1.s390.rpm a3b3bef3af3c3942ba58e8e4a45315a1 mozilla-mail-1.7.8-1.1.3.1.s390.rpm b3357a38291d9867c0f403bd3c422407 mozilla-nspr-1.7.8-1.1.3.1.s390.rpm 967396c66f5d721e467a695e0b72f225 mozilla-nspr-devel-1.7.8-1.1.3.1.s390.rpm 45afcd8c8e9410f155e84714b267ce74 mozilla-nss-1.7.8-1.1.3.1.s390.rpm 3169b9780ab37d297ec54850cf85472c mozilla-nss-devel-1.7.8-1.1.3.1.s390.rpm

s390x: 13a4b63a58a2f6aef9de6789be39a265 mozilla-1.7.8-1.1.3.1.s390x.rpm 77b20dba51693af117be14701ea4c516 mozilla-chat-1.7.8-1.1.3.1.s390x.rpm c99294f8cd3a1390970976570c2c7172 mozilla-devel-1.7.8-1.1.3.1.s390x.rpm fa390fc47946d90c919e4bf5854a9bf4 mozilla-dom-inspector-1.7.8-1.1.3.1.s390x.rpm c0191f2e376c4faa89e1c682213bf96a mozilla-js-debugger-1.7.8-1.1.3.1.s390x.rpm 8c0b644dc7ca3faba14ce8ad4c1e75d8 mozilla-mail-1.7.8-1.1.3.1.s390x.rpm b3357a38291d9867c0f403bd3c422407 mozilla-nspr-1.7.8-1.1.3.1.s390.rpm 006ee76e1ce19fafd8d8c0d65959f2cf mozilla-nspr-1.7.8-1.1.3.1.s390x.rpm 40cbc254ad75b1c20f636f4548cddd39 mozilla-nspr-devel-1.7.8-1.1.3.1.s390x.rpm 45afcd8c8e9410f155e84714b267ce74 mozilla-nss-1.7.8-1.1.3.1.s390.rpm 379022eebd17ae809e8dd68bde90300b mozilla-nss-1.7.8-1.1.3.1.s390x.rpm d3d8f8a76471ab03e8d190ac0607c118 mozilla-nss-devel-1.7.8-1.1.3.1.s390x.rpm

x86_64: 870ac68a360eca871a301e71a0fd4987 mozilla-1.7.8-1.1.3.1.i386.rpm 7b7bc3bba5742bc6c3cb3fd643f0c5ab mozilla-1.7.8-1.1.3.1.x86_64.rpm 906b61a5b213022c7220eacacb81205a mozilla-chat-1.7.8-1.1.3.1.x86_64.rpm 53817ff1c1fcb16fb82ab5bcb3f6c828 mozilla-devel-1.7.8-1.1.3.1.x86_64.rpm 4755d1c7c53b5153f02ecc500107042e mozilla-dom-inspector-1.7.8-1.1.3.1.x86_64.rpm 5d3c16ace40af1f8a9542552a37919b9 mozilla-js-debugger-1.7.8-1.1.3.1.x86_64.rpm 5b92cb2a18bb433fb90b54ae388c82b7 mozilla-mail-1.7.8-1.1.3.1.x86_64.rpm fb9c5334077e22a664547e7aca56134d mozilla-nspr-1.7.8-1.1.3.1.i386.rpm 1c411ee9205d1a7280bc0048abcb1a13 mozilla-nspr-1.7.8-1.1.3.1.x86_64.rpm 6860ba3fa84f06c98cbb3ee2947f2259 mozilla-nspr-devel-1.7.8-1.1.3.1.x86_64.rpm c4a5e58156cc27f79340fb3197df2aa5 mozilla-nss-1.7.8-1.1.3.1.i386.rpm 701829d151a0c27f34a8abe156d83ed3 mozilla-nss-1.7.8-1.1.3.1.x86_64.rpm 01008a68cf53a2ed6ee31bcc5b5f06b1 mozilla-nss-devel-1.7.8-1.1.3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.7.8-1.1.3.1.src.rpm 3dc5aeab418a1defa6bbc4bb442338d8 mozilla-1.7.8-1.1.3.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.7.8-1.1.3.1.src.rpm 3dc5aeab418a1defa6bbc4bb442338d8 mozilla-1.7.8-1.1.3.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.7.8-1.1.3.1.src.rpm 3dc5aeab418a1defa6bbc4bb442338d8 mozilla-1.7.8-1.1.3.1.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mozilla-1.7.8-1.4.1.src.rpm 7c0ab7bbbeb54462283a7c5039449faf mozilla-1.7.8-1.4.1.src.rpm

i386: dc6db084224c84bf44f7dd3786718e7f mozilla-1.7.8-1.4.1.i386.rpm 7c5ff5f358a6e4484ba8272dda210207 mozilla-chat-1.7.8-1.4.1.i386.rpm 662e74c40eb1437afdbb471f55828865 mozilla-devel-1.7.8-1.4.1.i386.rpm 1123f6d31ee1f9c39a46302885547565 mozilla-dom-inspector-1.7.8-1.4.1.i386.rpm 6a2ce8f9815d41e71d0a901d12dca5a0 mozilla-js-debugger-1.7.8-1.4.1.i386.rpm d728d457697717de417ec9122cf1f75a mozilla-mail-1.7.8-1.4.1.i386.rpm 0b76648ada634831fc5fa155e28bf952 mozilla-nspr-1.7.8-1.4.1.i386.rpm 342e82120afdd018ea16f6cd4d3f184e mozilla-nspr-devel-1.7.8-1.4.1.i386.rpm 60196c54459dce73d25f0a64cf88a028 mozilla-nss-1.7.8-1.4.1.i386.rpm 2ac29a35775d5d7c72551c8b504e8921 mozilla-nss-devel-1.7.8-1.4.1.i386.rpm

ia64: 96ff587d24938b8c122f7127637742f0 mozilla-1.7.8-1.4.1.ia64.rpm 3da4736e13dc6221c88008fd9d635afe mozilla-chat-1.7.8-1.4.1.ia64.rpm 53a3c89bcf79ea44870177e5cd6f4654 mozilla-devel-1.7.8-1.4.1.ia64.rpm 086a20518bb04a165ea5f046805becb6 mozilla-dom-inspector-1.7.8-1.4.1.ia64.rpm b05caa2abfe35e8b024f198c0aee9112 mozilla-js-debugger-1.7.8-1.4.1.ia64.rpm 79e98c5021cc6cdb0b7d669da37829af mozilla-mail-1.7.8-1.4.1.ia64.rpm 0b76648ada634831fc5fa155e28bf952 mozilla-nspr-1.7.8-1.4.1.i386.rpm 79a170662136cfb29bcc3c6cd9f8f03a mozilla-nspr-1.7.8-1.4.1.ia64.rpm e5fc5775a9cfa4761b639e851dbf6a6b mozilla-nspr-devel-1.7.8-1.4.1.ia64.rpm 60196c54459dce73d25f0a64cf88a028 mozilla-nss-1.7.8-1.4.1.i386.rpm 99daac3861be9be82d36a2b8c9c04725 mozilla-nss-1.7.8-1.4.1.ia64.rpm f2ad813457f9d05073f49d43a9841614 mozilla-nss-devel-1.7.8-1.4.1.ia64.rpm

ppc: 2d0ea4c5d29148795bd5974528257351 mozilla-1.7.8-1.4.1.ppc.rpm 4aa1dbc524c9ecbe6e5b0ead50251927 mozilla-chat-1.7.8-1.4.1.ppc.rpm 5bcde544238baa8ad32a8911abb32333 mozilla-devel-1.7.8-1.4.1.ppc.rpm 72d505634e89088069edb1985a5eb518 mozilla-dom-inspector-1.7.8-1.4.1.ppc.rpm f4c7cd5bdab5018fa5e3efd141a2ca90 mozilla-js-debugger-1.7.8-1.4.1.ppc.rpm 3b764580bc001d4253bd795b7de6fbdc mozilla-mail-1.7.8-1.4.1.ppc.rpm 51e600e9a644602bb5ba3f970cf6925a mozilla-nspr-1.7.8-1.4.1.ppc.rpm 17bdd36692be6f227e821647fc5e7081 mozilla-nspr-devel-1.7.8-1.4.1.ppc.rpm 17e79b168acbfb72ba77fa43f9c1695e mozilla-nss-1.7.8-1.4.1.ppc.rpm b2ca4fc22c6164e1f0546126e25c2e57 mozilla-nss-devel-1.7.8-1.4.1.ppc.rpm

s390: fad7c1234ae215e431d1b8e973f3dc1f mozilla-1.7.8-1.4.1.s390.rpm 2178467656f39ff9002be8fdea6f8938 mozilla-chat-1.7.8-1.4.1.s390.rpm 57e6a4822a984f25ddfed3854c65b2c1 mozilla-devel-1.7.8-1.4.1.s390.rpm 2279127971239551d7ff4c2072d41db8 mozilla-dom-inspector-1.7.8-1.4.1.s390.rpm db16d2a48f70f1ad9ddc5f28d9c28370 mozilla-js-debugger-1.7.8-1.4.1.s390.rpm 30db877e85657fd4e7b554aafc35f72f mozilla-mail-1.7.8-1.4.1.s390.rpm 7adb114f5b80bd3407c3afc742ed7b66 mozilla-nspr-1.7.8-1.4.1.s390.rpm 9f7c32eeb619d0019b7f1b32f94d281a mozilla-nspr-devel-1.7.8-1.4.1.s390.rpm d4d02c2cc32fb3cc8837eb9e0c4a05f0 mozilla-nss-1.7.8-1.4.1.s390.rpm a45785de20ac5b6a20317e9eed3c4873 mozilla-nss-devel-1.7.8-1.4.1.s390.rpm

s390x: 3b5f3e56cd8a1b1176ca9e9c233522fb mozilla-1.7.8-1.4.1.s390x.rpm bd2b99f5299218180313b240f375810d mozilla-chat-1.7.8-1.4.1.s390x.rpm 26d008e9620dff8fa4bebb0d777251f8 mozilla-devel-1.7.8-1.4.1.s390x.rpm 31f47c9400501e72954185e6590bb457 mozilla-dom-inspector-1.7.8-1.4.1.s390x.rpm 69e96a3267d2f008c61a15472df8778b mozilla-js-debugger-1.7.8-1.4.1.s390x.rpm 5d5f9bf030348d9c5000553f1c6c110c mozilla-mail-1.7.8-1.4.1.s390x.rpm 7adb114f5b80bd3407c3afc742ed7b66 mozilla-nspr-1.7.8-1.4.1.s390.rpm b7c14ac8c529ad6fcaeb322f91746d6f mozilla-nspr-1.7.8-1.4.1.s390x.rpm 167501844983a2a20846ca59dea78344 mozilla-nspr-devel-1.7.8-1.4.1.s390x.rpm d4d02c2cc32fb3cc8837eb9e0c4a05f0 mozilla-nss-1.7.8-1.4.1.s390.rpm 19c855aa2f3b4e3b63d5bc17d32e0736 mozilla-nss-1.7.8-1.4.1.s390x.rpm 171ed14c08f0031224677c807b2340a6 mozilla-nss-devel-1.7.8-1.4.1.s390x.rpm

x86_64: cb725ffc3ebc44576f34b504e9bc08e3 mozilla-1.7.8-1.4.1.x86_64.rpm bcf98f82ec91984e36f3a3e03c119c64 mozilla-chat-1.7.8-1.4.1.x86_64.rpm 4440d5337292437d632c90c5cb8d11e3 mozilla-devel-1.7.8-1.4.1.x86_64.rpm 33b4c9f2f75c04e9d62ab2cd99f5f070 mozilla-dom-inspector-1.7.8-1.4.1.x86_64.rpm b410714912918550ae0e0dfa31f32af1 mozilla-js-debugger-1.7.8-1.4.1.x86_64.rpm 13440bbd30a7496a25befd498f97e514 mozilla-mail-1.7.8-1.4.1.x86_64.rpm 0b76648ada634831fc5fa155e28bf952 mozilla-nspr-1.7.8-1.4.1.i386.rpm 2c4f86c21a9418902cf49dd7898ec145 mozilla-nspr-1.7.8-1.4.1.x86_64.rpm 3e965da1928ce249f86d9aee8b54168c mozilla-nspr-devel-1.7.8-1.4.1.x86_64.rpm 60196c54459dce73d25f0a64cf88a028 mozilla-nss-1.7.8-1.4.1.i386.rpm df75dc7c767a195caafcce176320e90f mozilla-nss-1.7.8-1.4.1.x86_64.rpm a93e63fce629b8735597b23daa7e4ef6 mozilla-nss-devel-1.7.8-1.4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mozilla-1.7.8-1.4.1.src.rpm 7c0ab7bbbeb54462283a7c5039449faf mozilla-1.7.8-1.4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mozilla-1.7.8-1.4.1.src.rpm 7c0ab7bbbeb54462283a7c5039449faf mozilla-1.7.8-1.4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mozilla-1.7.8-1.4.1.src.rpm 7c0ab7bbbeb54462283a7c5039449faf mozilla-1.7.8-1.4.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-435.html

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:100001

Oval ID:	oval:org.mitre.oval:def:100001
Title:	Install Function in Firefox and Mozilla Permits Arbitrary Code Execution
Description:	The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1477	Version:	3
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla
Definition Synopsis:
Firefox <= 1.0.3 or Mozilla Suite <= 1.7.7 is installed Firefox version 1.0.3 or earlier is installed AND Mozilla Suite version 1.7.7 or earlier is installed

Definition Id: oval:org.mitre.oval:def:100002

Oval ID:	oval:org.mitre.oval:def:100002
Title:	IFRAME in Firefox and Mozilla Permits Execution of Arbitrary Javascript in Other Domains
Description:	Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1476	Version:	3
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla
Definition Synopsis:
Firefox <= 1.0.3 or Mozilla Suite <= 1.7.7 is installed Firefox version 1.0.3 or earlier is installed AND Mozilla Suite version 1.7.7 or earlier is installed

Definition Id: oval:org.mitre.oval:def:100014

Oval ID:	oval:org.mitre.oval:def:100014
Title:	Mozilla Script Privilege Context Vulnerabilities
Description:	Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1532	Version:	5
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla Mozilla Firefox
Definition Synopsis:
Mozilla Firefox version 1.0.3 or earlier is installed Firefox version 1.0.3 or earlier is installed AND Mozilla Firefox version 1.0.3 or earlier is installed OR Mozilla Suite version 1.7.7 or earlier is installed Mozilla Suite version 1.7.7 or earlier is installed AND Mozilla Suite version 1.7.7 or earlier is installed

Definition Id: oval:org.mitre.oval:def:100015

Oval ID:	oval:org.mitre.oval:def:100015
Title:	Mozilla JavaScript Wrapping Vulnerability
Description:	Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1531	Version:	5
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla Mozilla Firefox
Definition Synopsis:
Mozilla Firefox version 1.0.3 or earlier is installed Firefox version 1.0.3 or earlier is installed AND Mozilla Firefox version 1.0.3 or earlier is installed OR Mozilla Suite version 1.7.7 or earlier is installed Mozilla Suite version 1.7.7 or earlier is installed AND Mozilla Suite version 1.7.7 or earlier is installed

Definition Id: oval:org.mitre.oval:def:10045

Oval ID:	oval:org.mitre.oval:def:10045
Title:	Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
Description:	Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-1476	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.1.3.1 AND mozilla is earlier than 37:1.7.8-1.1.3.1 AND mozilla-chat is earlier than 37:1.7.8-1.1.3.1 AND mozilla-mail is earlier than 37:1.7.8-1.1.3.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.1.3.1 AND mozilla-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.1.3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.4.1 AND devhelp-devel is earlier than 0:0.9.2-2.4.5 AND mozilla is earlier than 37:1.7.8-1.4.1 AND mozilla-chat is earlier than 37:1.7.8-1.4.1 AND mozilla-mail is earlier than 37:1.7.8-1.4.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.4.1 AND devhelp is earlier than 0:0.9.2-2.4.5 AND mozilla-nss is earlier than 37:1.7.8-1.4.1 AND mozilla-devel is earlier than 37:1.7.8-1.4.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.4.1 AND firefox is earlier than 0:1.0.4-1.4.1 AND mozilla-nspr is earlier than 37:1.7.8-1.4.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.4.1

Definition Id: oval:org.mitre.oval:def:10351

Oval ID:	oval:org.mitre.oval:def:10351
Title:	Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Description:	Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-1531	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.1.3.1 AND mozilla is earlier than 37:1.7.8-1.1.3.1 AND mozilla-chat is earlier than 37:1.7.8-1.1.3.1 AND mozilla-mail is earlier than 37:1.7.8-1.1.3.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.1.3.1 AND mozilla-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.1.3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.4.1 AND devhelp-devel is earlier than 0:0.9.2-2.4.5 AND mozilla is earlier than 37:1.7.8-1.4.1 AND mozilla-chat is earlier than 37:1.7.8-1.4.1 AND mozilla-mail is earlier than 37:1.7.8-1.4.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.4.1 AND devhelp is earlier than 0:0.9.2-2.4.5 AND mozilla-nss is earlier than 37:1.7.8-1.4.1 AND mozilla-devel is earlier than 37:1.7.8-1.4.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.4.1 AND firefox is earlier than 0:1.0.4-1.4.1 AND mozilla-nspr is earlier than 37:1.7.8-1.4.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.4.1

Definition Id: oval:org.mitre.oval:def:10791

Oval ID:	oval:org.mitre.oval:def:10791
Title:	Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Description:	Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-1532	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.1.3.1 AND mozilla is earlier than 37:1.7.8-1.1.3.1 AND mozilla-chat is earlier than 37:1.7.8-1.1.3.1 AND mozilla-mail is earlier than 37:1.7.8-1.1.3.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.1.3.1 AND mozilla-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.1.3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.4.1 AND devhelp-devel is earlier than 0:0.9.2-2.4.5 AND mozilla is earlier than 37:1.7.8-1.4.1 AND thunderbird is earlier than 0:1.0.6-1.4.1 AND mozilla-chat is earlier than 37:1.7.8-1.4.1 AND mozilla-mail is earlier than 37:1.7.8-1.4.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.4.1 AND devhelp is earlier than 0:0.9.2-2.4.5 AND mozilla-nss is earlier than 37:1.7.8-1.4.1 AND mozilla-devel is earlier than 37:1.7.8-1.4.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.4.1 AND firefox is earlier than 0:1.0.4-1.4.1 AND mozilla-nspr is earlier than 37:1.7.8-1.4.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.4.1

Definition Id: oval:org.mitre.oval:def:9231

Oval ID:	oval:org.mitre.oval:def:9231
Title:	The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
Description:	The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-1477	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.1.3.1 AND mozilla is earlier than 37:1.7.8-1.1.3.1 AND mozilla-chat is earlier than 37:1.7.8-1.1.3.1 AND mozilla-mail is earlier than 37:1.7.8-1.1.3.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.1.3.1 AND mozilla-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr is earlier than 37:1.7.8-1.1.3.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.1.3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.8-1.4.1 AND devhelp-devel is earlier than 0:0.9.2-2.4.5 AND mozilla is earlier than 37:1.7.8-1.4.1 AND mozilla-chat is earlier than 37:1.7.8-1.4.1 AND mozilla-mail is earlier than 37:1.7.8-1.4.1 AND mozilla-dom-inspector is earlier than 37:1.7.8-1.4.1 AND devhelp is earlier than 0:0.9.2-2.4.5 AND mozilla-nss is earlier than 37:1.7.8-1.4.1 AND mozilla-devel is earlier than 37:1.7.8-1.4.1 AND mozilla-nss-devel is earlier than 37:1.7.8-1.4.1 AND firefox is earlier than 0:1.0.4-1.4.1 AND mozilla-nspr is earlier than 37:1.7.8-1.4.1 AND mozilla-nspr-devel is earlier than 37:1.7.8-1.4.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:1.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.0:preview_release:::::: cpe:2.3:a:mozilla:firefox:1.0:-:::::: cpe:2.3:a:mozilla:firefox:0.9.3:::::::* cpe:2.3:a:mozilla:firefox:0.9.2:::::::* cpe:2.3:a:mozilla:firefox:0.9.1:::::::* cpe:2.3:a:mozilla:firefox:0.9_rc:::::::* cpe:2.3:a:mozilla:firefox:0.9:rc:::::: cpe:2.3:a:mozilla:firefox:0.9:::::::* cpe:2.3:a:mozilla:firefox:0.8:::::::* cpe:2.3:a:mozilla:firefox:0.7.1:::::::* cpe:2.3:a:mozilla:firefox:0.7:::::::* cpe:2.3:a:mozilla:firefox:0.6.1:::::::* cpe:2.3:a:mozilla:firefox:0.6:::::::* cpe:2.3:a:mozilla:firefox:0.5:::::::* cpe:2.3:a:mozilla:firefox:0.4:::::::* cpe:2.3:a:mozilla:firefox:0.3:::::::* cpe:2.3:a:mozilla:firefox:0.2:::::::* cpe:2.3:a:mozilla:firefox:0.10.1:::::::* cpe:2.3:a:mozilla:firefox:0.10:::::::* cpe:2.3:a:mozilla:firefox:0.1:::::::* cpe:2.3:a:mozilla:firefox::::::android::* cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox:::::android:::* cpe:2.3:a:mozilla:firefox::::::-::* cpe:2.3:a:mozilla:firefox::::::x86::* cpe:2.3:a:mozilla:firefox:::::::x86:* cpe:2.3:a:mozilla:firefox::::::iphone_os::* cpe:2.3:a:mozilla:firefox:-:::::::* cpe:2.3:a:mozilla:firefox:-:::::iphone_os::	32
Application	Mozilla cpe:2.3:a:mozilla:mozilla:1.7.7:::::::* cpe:2.3:a:mozilla:mozilla:1.7.6:::::::* cpe:2.3:a:mozilla:mozilla:1.7.5:::::::* cpe:2.3:a:mozilla:mozilla:1.7.3:::::::* cpe:2.3:a:mozilla:mozilla:1.7.2:::::::* cpe:2.3:a:mozilla:mozilla:1.7.1:::::::* cpe:2.3:a:mozilla:mozilla:1.7:rc1:::::: cpe:2.3:a:mozilla:mozilla:1.7:rc2:::::: cpe:2.3:a:mozilla:mozilla:1.7:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.7:::::::* cpe:2.3:a:mozilla:mozilla:1.7:beta:::::: cpe:2.3:a:mozilla:mozilla:1.7:rc3:::::: cpe:2.3:a:mozilla:mozilla:1.6:beta:::::: cpe:2.3:a:mozilla:mozilla:1.6:::::::* cpe:2.3:a:mozilla:mozilla:1.6:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.5.1:::::::* cpe:2.3:a:mozilla:mozilla:1.5:::::::* cpe:2.3:a:mozilla:mozilla:1.5:rc1:::::: cpe:2.3:a:mozilla:mozilla:1.5:rc2:::::: cpe:2.3:a:mozilla:mozilla:1.5:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.4.1:::::::* cpe:2.3:a:mozilla:mozilla:1.4:beta:::::: cpe:2.3:a:mozilla:mozilla:1.4:::::::* cpe:2.3:a:mozilla:mozilla:1.4:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.3.1:::::::* cpe:2.3:a:mozilla:mozilla:1.3:::::::* cpe:2.3:a:mozilla:mozilla:1.2.1:::::::* cpe:2.3:a:mozilla:mozilla:1.2:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.2:::::::* cpe:2.3:a:mozilla:mozilla:1.2:beta:::::: cpe:2.3:a:mozilla:mozilla:1.1:beta:::::: cpe:2.3:a:mozilla:mozilla:1.1:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.1:::::::* cpe:2.3:a:mozilla:mozilla:1.0.2:::::::* cpe:2.3:a:mozilla:mozilla:1.0.1:::::::* cpe:2.3:a:mozilla:mozilla:1.0:rc1:::::: cpe:2.3:a:mozilla:mozilla:1.0:::::::* cpe:2.3:a:mozilla:mozilla:1.0:rc3:::::: cpe:2.3:a:mozilla:mozilla:1.0:rc2:::::: cpe:2.3:a:mozilla:mozilla:0.9.9:::::::* cpe:2.3:a:mozilla:mozilla:0.9.8:::::::* cpe:2.3:a:mozilla:mozilla:0.9.7:::::::* cpe:2.3:a:mozilla:mozilla:0.9.6:::::::* cpe:2.3:a:mozilla:mozilla:0.9.5:::::::* cpe:2.3:a:mozilla:mozilla:0.9.48:::::::* cpe:2.3:a:mozilla:mozilla:0.9.4.1:::::::* cpe:2.3:a:mozilla:mozilla:0.9.4:::::::* cpe:2.3:a:mozilla:mozilla:0.9.35:::::::* cpe:2.3:a:mozilla:mozilla:0.9.3:::::::* cpe:2.3:a:mozilla:mozilla:0.9.2.1:::::::* cpe:2.3:a:mozilla:mozilla:0.9.2:::::::* cpe:2.3:a:mozilla:mozilla:0.8:::::::* cpe:2.3:a:mozilla:mozilla:m16:::::::* cpe:2.3:a:mozilla:mozilla:m15:::::::* cpe:2.3:a:mozilla:mozilla:::::::: cpe:2.3:a:mozilla:mozilla:-:::::::*	56

OpenVAS Exploits

Date	Description
2008-09-24	Name : Gentoo Security Advisory GLSA 200505-11 (mozilla) File : nvt/glsa_200505_11.nasl
2008-09-04	Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox15.nasl
2008-01-17	Name : Debian Security Advisory DSA 781-1 (mozilla-thunderbird) File : nvt/deb_781_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
16605	Mozilla Javascript eval / Script Object Non-DOM Property Override Privilege E...
16576	Mozilla Wrapped javascript: URL Restriction Bypass
16186	Multiple Browser IFRAME JavaScript URL XSS
16185	Multiple Browser InstallTrigger.install() IconURL Parameter Arbitrary Script ...

Snort® IPS/IDS

Date	Description
2014-01-10	Multiple Products IFRAME src javascript code execution RuleID : 3679 - Revision : 18 - Type : INDICATOR-OBFUSCATION
2014-01-10	Mozilla favicon href javascript execution attempt RuleID : 20814 - Revision : 10 - Type : BROWSER-FIREFOX
2014-01-10	Mozilla Firefox IconURL Arbitrary Javascript Execution attempt RuleID : 17424 - Revision : 14 - Type : BROWSER-FIREFOX
2014-01-10	Mozilla Firefox JavaScript eval arbitrary code execution attempt RuleID : 17212 - Revision : 14 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date	Description
2006-07-05	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-601.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-434.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-435.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-157-1.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-155-1.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-149-3.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-134-1.nasl - Type : ACT_GATHER_INFO
2005-08-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-781.nasl - Type : ACT_GATHER_INFO
2005-07-22	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-601.nasl - Type : ACT_GATHER_INFO
2005-07-21	Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_106.nasl - Type : ACT_GATHER_INFO
2005-07-21	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-606.nasl - Type : ACT_GATHER_INFO
2005-07-21	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-604.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_eca6195ac23311d9804c02061b08fc24.nasl - Type : ACT_GATHER_INFO
2005-06-10	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_030.nasl - Type : ACT_GATHER_INFO
2005-05-28	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-434.nasl - Type : ACT_GATHER_INFO
2005-05-28	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-435.nasl - Type : ACT_GATHER_INFO
2005-05-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-11.nasl - Type : ACT_GATHER_INFO
2005-05-12	Name : A web browser installed on the remote host contains multiple vulnerabilities. File : mozilla_178.nasl - Type : ACT_GATHER_INFO
2005-05-12	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_104.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:49:23	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	8
CPE ID(s)	88
osvdb(s)	4
Openvas Exploit(s)	3
Snort® Rule(s)	4
Nessus® Exploit(s)	19

	Related
7.5	CVE-2005-1532
7.5	CVE-2005-1531
5.1	CVE-2005-1477
5.1	CVE-2005-1476
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

7.5 - RHSA-2005:435

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU