Rapid7 Vulnerability & Exploit Database

RHSA-2003:163: mozilla security update


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 11/29/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/12/2017

Description

Updated Mozilla packages that fix various bugs and security issues in previous versions of Mozilla are now available.

Mozilla is an open source Web browser. A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. These errata packages upgrade Mozilla to version 1.0.2, which is not vulnerable to this issue. Mozilla 1.0.2 also contains a number of other stability and security updates.

Solution(s)

  • redhat-upgrade-galeon
  • redhat-upgrade-mozilla
  • redhat-upgrade-mozilla-chat
  • redhat-upgrade-mozilla-devel
  • redhat-upgrade-mozilla-dom-inspector
  • redhat-upgrade-mozilla-js-debugger
  • redhat-upgrade-mozilla-mail
  • redhat-upgrade-mozilla-nspr
  • redhat-upgrade-mozilla-nspr-devel
  • redhat-upgrade-mozilla-nss
  • redhat-upgrade-mozilla-nss-devel
  • redhat-upgrade-mozilla-psm
