CESA-2005:038: mozilla security update
Description
Updated mozilla packages that fix a buffer overflow issue are now available.
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. iSEC Security Research has discovered a buffer overflow bug in the way Mozilla handles NNTP URLs. If a user visits a malicious web page or is convinced to click on a malicious link, it may be possible for an attacker to execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1316 to this issue. Users of Mozilla should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
Solution(s)
- centos-upgrade-mozilla
- centos-upgrade-mozilla-chat
- centos-upgrade-mozilla-devel
- centos-upgrade-mozilla-dom-inspector
- centos-upgrade-mozilla-js-debugger
- centos-upgrade-mozilla-mail
- centos-upgrade-mozilla-nspr
- centos-upgrade-mozilla-nspr-devel
- centos-upgrade-mozilla-nss
- centos-upgrade-mozilla-nss-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center