Rapid7 Vulnerability & Exploit Database

RHSA-2002:079: Updated Mozilla packages fix a security issue

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 06/25/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated packages are available which fix a security issue in Mozilla.

One component of the XML Extras package in Mozilla 0.9.9 and earlier allows remote attackers to read arbitrary files and list directories on a client system. The issue is exploited by opening a URL that redirects the browser to a file on the client and then reading the result through the responseText property. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0354 to this issue.

Users of Mozilla are advised to upgrade to these errata packages, which have been patched and are not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-galeon
  • redhat-upgrade-mozilla
  • redhat-upgrade-mozilla-chat
  • redhat-upgrade-mozilla-devel
  • redhat-upgrade-mozilla-dom-inspector
  • redhat-upgrade-mozilla-js-debugger
  • redhat-upgrade-mozilla-mail
  • redhat-upgrade-mozilla-nspr
  • redhat-upgrade-mozilla-nspr-devel
  • redhat-upgrade-mozilla-nss
  • redhat-upgrade-mozilla-nss-devel
  • redhat-upgrade-mozilla-psm
  • redhat-upgrade-nautilus
  • redhat-upgrade-nautilus-devel
  • redhat-upgrade-nautilus-mozilla
