RHEL 2.1 : mozilla (RHSA-2003:046)

high Nessus Plugin ID 12361

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated Mozilla packages are now available for Red Hat Linux Advanced Server. These new packages fix vulnerabilities in previous versions of Mozilla.

Mozilla is an open source Web browser. Versions of Mozilla prior to version 1.0.1 contain various security vulnerabilities. These vulnerabilities could be used by an attacker to read data off of the local hard drive, to gain information that should normally be kept private, and in some cases to execute arbitrary code. For more information on the specific vulnerabilities fixed please see the references below.

All users of Mozilla should update to these errata packages containing Mozilla version 1.0.1 which is not vulnerable to these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2002-0593

https://access.redhat.com/security/cve/cve-2002-0594

https://access.redhat.com/security/cve/cve-2002-1091

https://access.redhat.com/security/cve/cve-2002-1126

http://www.nessus.org/u?03a3bf01

https://bugzilla.mozilla.org/show_bug.cgi?id=145579

https://bugzilla.mozilla.org/show_bug.cgi?id=169982

https://access.redhat.com/errata/RHSA-2003:046

Plugin Details

Severity: High

ID: 12361

File Name: redhat-RHSA-2003-046.nasl

Version: 1.27

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mozilla-nspr, p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-nss, p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-psm, cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:galeon, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf-devel, p-cpe:/a:redhat:enterprise_linux:gdk-pixbuf-gnome, p-cpe:/a:redhat:enterprise_linux:mozilla, p-cpe:/a:redhat:enterprise_linux:mozilla-chat, p-cpe:/a:redhat:enterprise_linux:mozilla-devel, p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector, p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger, p-cpe:/a:redhat:enterprise_linux:mozilla-mail

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/10/2003

Vulnerability Publication Date: 6/18/2002

Reference Information

CVE: CVE-2002-0593, CVE-2002-0594, CVE-2002-1091, CVE-2002-1126

RHSA: 2003:046