RHEL 4 : mozilla (RHSA-2005:435)

high Nessus Plugin ID 18388

Synopsis

The remote Red Hat host is missing one or more security updates for mozilla.

Description

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:435 advisory.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several bugs were found in the way Mozilla executes javascript code.
Javascript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute javascript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-1476, CAN-2005-1477, CAN-2005-1531, and CAN-2005-1532 to these issues.

Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL mozilla package based on the guidance in RHSA-2005:435.

See Also

http://www.nessus.org/u?247b6b8d

http://www.nessus.org/u?67e47580

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=157349

https://bugzilla.redhat.com/show_bug.cgi?id=158533

https://access.redhat.com/errata/RHSA-2005:435

Plugin Details

Severity: High

ID: 18388

File Name: redhat-RHSA-2005-435.nasl

Version: 1.32

Type: local

Agent: unix

Published: 5/28/2005

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2005-1532

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2005-1477

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:devhelp, p-cpe:/a:redhat:enterprise_linux:devhelp-devel, cpe:/o:redhat:enterprise_linux:4

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/24/2005

Vulnerability Publication Date: 5/9/2005

Reference Information

CVE: CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, CVE-2005-1532

RHSA: 2005:435