Detections
Analytics

GLSA-200703-05 : Mozilla Suite: Multiple vulnerabilities

medium Nessus Plugin ID 24772

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200703-05 (Mozilla Suite: Multiple vulnerabilities)

 Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite.
 Impact :

 A remote attacker could entice a user to browse to a specially crafted website or open a specially crafted mail that could trigger some of the vulnerabilities, potentially allowing execution of arbitrary code, denials of service, information leaks, or cross-site scripting attacks leading to the robbery of cookies of authentication credentials.
 Workaround :

 Most of the issues, but not all of them, can be prevented by disabling the HTML rendering in the mail client and JavaScript on every application.

Solution

The Mozilla Suite is no longer supported and has been masked after some necessary changes on all the other ebuilds which used to depend on it.
 Mozilla Suite users should unmerge www-client/mozilla or www-client/mozilla-bin, and switch to a supported product, like SeaMonkey, Thunderbird or Firefox.
 # emerge --unmerge 'www-client/mozilla' # emerge --unmerge 'www-client/mozilla-bin'

See Also

http://www.nessus.org/u?7f20085f

https://security.gentoo.org/glsa/200703-05

Plugin Details

Severity: Medium

ID: 24772

File Name: gentoo_GLSA-200703-05.nasl

Version: 1.16

Type: local

Published: 3/6/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mozilla, p-cpe:/a:gentoo:linux:mozilla-bin, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/3/2007

Reference Information

BID: 21240, 22396, 22566, 22694

GLSA: 200703-05