Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

A buffer overflow bug was found in the way Mozilla processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.

A bug was found in the way Mozilla displays dialog windows. It is possible
that a malicious web page which is being displayed in a background tab
could present the user with a dialog window appearing to come from the
active page. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1380 to this issue.

A bug was found in the way Mozilla allowed plug-ins to load privileged
content into a frame. It is possible that a malicious webpage could trick a
user into clicking in certain places to modify configuration settings or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0232 to this issue.

A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user’s preference. It is possible that
a particular user could be tracked through the use of malicious mail
messages which load content over HTTP. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0149 to
this issue.

A bug was found in the way Mozilla responds to proxy auth requests. It is
possible for a malicious webserver to steal credentials from a victim's
browser by issuing a 407 proxy authentication request. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0147 to this issue.

A bug was found in the way Mozilla handles certain start tags followed by a
NULL character. A malicious web page could cause Mozilla to crash when
viewed by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1613 to this issue.

A bug was found in the way Mozilla sets file permissions when installing
XPI packages. It is possible for an XPI package to install some files
world readable or writable, allowing a malicious local user to steal
information or execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to
this issue.

A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrome settings. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0141 to this issue.

A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targeted at a secure page,
while loading an insecure page, yet the secure site icon shows the previous
secure state. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0144 to this issue.

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.4.4 and additional backported patches to correct
these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | mozilla-devel | < 1.4.4-1.3.5 | mozilla-devel-1.4.4-1.3.5.i386.rpm |
RedHat | any | ia64 | mozilla-nss-devel | < 1.4.4-1.2.3 | mozilla-nss-devel-1.4.4-1.2.3.ia64.rpm |
RedHat | any | x86_64 | mozilla-nspr-devel | < 1.4.4-1.3.5 | mozilla-nspr-devel-1.4.4-1.3.5.x86_64.rpm |
RedHat | any | ia64 | mozilla-nspr-devel | < 1.4.4-1.3.5 | mozilla-nspr-devel-1.4.4-1.3.5.ia64.rpm |
RedHat | any | ia64 | mozilla | < 1.4.4-1.2.3 | mozilla-1.4.4-1.2.3.ia64.rpm |
RedHat | any | i386 | mozilla-nspr | < 1.4.4-1.3.5 | mozilla-nspr-1.4.4-1.3.5.i386.rpm |
RedHat | any | ppc | mozilla-nspr-devel | < 1.4.4-1.3.5 | mozilla-nspr-devel-1.4.4-1.3.5.ppc.rpm |
RedHat | any | ia64 | mozilla-nspr-devel | < 1.4.4-1.2.3 | mozilla-nspr-devel-1.4.4-1.2.3.ia64.rpm |
RedHat | any | s390 | mozilla-chat | < 1.4.4-1.3.5 | mozilla-chat-1.4.4-1.3.5.s390.rpm |
RedHat | any | s390x | mozilla-js-debugger | < 1.4.4-1.3.5 | mozilla-js-debugger-1.4.4-1.3.5.s390x.rpm |
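
To check a host against the table above, the installed version-release of each package has to be compared the way rpm orders versions, not as plain strings (release `1.3.10` is newer than `1.3.5`). The following is an added example, not part of the advisory or of Red Hat's tooling; the names `FIXED`, `SAMPLE`, `rpmvercmp`, `vr_cmp` and `outdated` are its own, the installed-package list is constructed, and it assumes the package epoch can be ignored.

```python
import re

# Fixed version-release per (package, arch), copied from rows of the table above.
FIXED = {
    ("mozilla-devel", "i386"): "1.4.4-1.3.5",
    ("mozilla", "ia64"): "1.4.4-1.2.3",
    ("mozilla-chat", "s390"): "1.4.4-1.3.5",
}

# Constructed sample (not real host data), in the format printed by
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
mozilla-devel 1.4.3-3.0.7 i386
mozilla 1.4.4-1.2.2 ia64
mozilla-chat 1.4.4-1.3.10 s390
bash 2.05b-41 i386
"""

def rpmvercmp(a, b):
    """Order two version or release strings as rpm does (no ~ or ^ handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment is newer
        if x.isdigit():                           # compare as integers
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release': version first, release breaks ties."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(rpm_output):
    """Return (name, arch, installed, fixed) for packages older than the fix."""
    hits = []
    for line in rpm_output.splitlines():
        name, vr, arch = line.split()
        fixed = FIXED.get((name, arch))
        if fixed and vr_cmp(vr, fixed) < 0:
            hits.append((name, arch, vr, fixed))
    return hits

if __name__ == "__main__":
    print(outdated(SAMPLE))
```

Packages that are not listed in `FIXED` for their architecture are skipped rather than reported.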