RHEL 4 : mozilla (RHSA-2005:335)

high Nessus Plugin ID 17626

Synopsis

The remote Red Hat host is missing one or more security updates for mozilla.

Description

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:335 advisory.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. (CAN-2005-0147)

A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CAN-2004-1380)

A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CAN-2005-0149)

A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)

A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156)

A bug was found in the way Mozilla saves temporary files. Temporary files are saved with world readable permissions, which could allow a local malicious user to view potentially sensitive data. (CAN-2005-0142)

A bug was found in the way Mozilla handles synthetic middle click events.
It is possible for a malicious web page to steal the contents of a victims clipboard. (CAN-2005-0146)

A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. (CAN-2005-0141)

A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CAN-2005-0144)

A bug was found in the way Mozilla displays the secure site icon. A malicious web page can display the secure site icon by loading a binary file from a secured site. (CAN-2005-0143)

A bug was found in the way Mozilla displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CAN-2005-0585)

Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.6 to correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL mozilla package based on the guidance in RHSA-2005:335.

See Also

http://www.nessus.org/u?bcabd5be

https://access.redhat.com/errata/RHSA-2005:335

https://access.redhat.com/security/updates/classification/#critical

https://bugzilla.redhat.com/show_bug.cgi?id=142508

https://bugzilla.redhat.com/show_bug.cgi?id=144228

https://bugzilla.redhat.com/show_bug.cgi?id=146188

https://bugzilla.redhat.com/show_bug.cgi?id=147397

https://bugzilla.redhat.com/show_bug.cgi?id=150866

https://bugzilla.redhat.com/show_bug.cgi?id=151730

Plugin Details

Severity: High

ID: 17626

File Name: redhat-RHSA-2005-335.nasl

Version: 1.25

Type: local

Agent: unix

Published: 3/25/2005

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2005-0401

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2005-0399

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:evolution, p-cpe:/a:redhat:enterprise_linux:evolution-devel, cpe:/o:redhat:enterprise_linux:4, p-cpe:/a:redhat:enterprise_linux:devhelp-devel, p-cpe:/a:redhat:enterprise_linux:devhelp

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/23/2005

Vulnerability Publication Date: 10/20/2004

Reference Information

CVE: CVE-2004-1380, CVE-2005-0141, CVE-2005-0142, CVE-2005-0143, CVE-2005-0144, CVE-2005-0146, CVE-2005-0149, CVE-2005-0399, CVE-2005-0401

RHSA: 2005:335