Rapid7 Vulnerability & Exploit Database

RHSA-2003:162: Updated Mozilla packages fix security vulnerability.

Back to Search

RHSA-2003:162: Updated Mozilla packages fix security vulnerability.

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
11/29/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated Mozilla packages fixing various bugs and security issues are now available. [Updated 18 July 2003] Our Mozilla packages were found to be incompatible with Galeon. Updated versions of Galeon are now included for Red Hat Linux 7.2, 7.3, and 8.0. In addition new builds of Mozilla for Red Hat Linux 8.0 are included as the previous packages were built with the wrong compiler. [Updated 31 July 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.

Mozilla is an open source Web browser. A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression. This issue affects versions Mozilla packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. These errata packages upgrade Mozilla to version 1.0.2, which is not vulnerable to this issue. Mozilla 1.0.2 also contains a number of other stability and security enhancements.

Solution(s)

  • redhat-upgrade-galeon
  • redhat-upgrade-mozilla
  • redhat-upgrade-mozilla-chat
  • redhat-upgrade-mozilla-devel
  • redhat-upgrade-mozilla-dom-inspector
  • redhat-upgrade-mozilla-js-debugger
  • redhat-upgrade-mozilla-mail
  • redhat-upgrade-mozilla-nspr
  • redhat-upgrade-mozilla-nspr-devel
  • redhat-upgrade-mozilla-nss
  • redhat-upgrade-mozilla-nss-devel
  • redhat-upgrade-mozilla-psm

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;