Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200604-18 ] Mozilla Suite: Multiple vulnerabilities
Date: Fri, 28 Apr 2006 17:59:02
Message-Id: 44525371.8000704@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200604-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Suite: Multiple vulnerabilities
Date: April 28, 2006
Bugs: #130887
ID: 200604-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several vulnerabilities in Mozilla Suite allow attacks ranging from
script execution with elevated privileges to information leaks.

Background
==========

The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla            < 1.7.13                  >= 1.7.13
  2  www-client/mozilla-bin        < 1.7.13                  >= 1.7.13
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was
released to fix them.

Impact
======

A remote attacker could craft malicious web pages or emails that would
leverage these issues to inject and execute arbitrary script code with
elevated privileges, steal local files, cookies or other information
from web pages or emails, and spoof content. Some of these
vulnerabilities might even be exploited to execute arbitrary code with
the rights of the user running the client.

Workaround
==========

There are no known workarounds for all the issues at this time.

Resolution
==========

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.13"

All Mozilla Suite binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.13"

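Added example, not part of the Gentoo advisory: a small inventory check that flags installed packages falling inside the vulnerable ranges from the "Affected packages" table, using Gentoo's version ordering for revisions (-rN) and suffixes (_rc, _p). The inventory lines are constructed sample data, and the function names (version_key, is_vulnerable, audit) are illustrative; version components with leading zeros are assumed not to occur.

```python
import re

# Fixed versions taken from the advisory's "Affected packages" table:
# anything below the bound is vulnerable.
FIXED_IN = {
    "www-client/mozilla": "1.7.13",
    "www-client/mozilla-bin": "1.7.13",
}

# Gentoo suffix ordering: _alpha < _beta < _pre < _rc < (no suffix) < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}

VERSION = r"\d+(?:\.\d+)*[a-z]?(?:_(?:alpha|beta|pre|rc|p)\d*)*(?:-r\d+)?"
ATOM_RE = re.compile(r"^(.+?)-(" + VERSION + r")$")
VER_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)((?:_[a-z]+\d*)*)(?:-r(\d+))?$")

def version_key(ver):
    """Sort key for a Gentoo version (assumes no leading-zero components)."""
    nums, letter, suffixes, rev = VER_RE.match(ver).groups()
    parsed = [(SUFFIX_RANK[name], int(n or 0))
              for name, n in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    parsed.append((0, 0))  # terminator, so "1.7.13_rc1" sorts before "1.7.13"
    return (tuple(int(x) for x in nums.split(".")), letter,
            tuple(parsed), int(rev or 0))

def is_vulnerable(atom):
    """True/False for packages named in the advisory, None for anything else."""
    m = ATOM_RE.match(atom.strip())
    if not m or m.group(1) not in FIXED_IN:
        return None  # e.g. www-client/mozilla-firefox is a different package
    return version_key(m.group(2)) < version_key(FIXED_IN[m.group(1)])

def audit(inventory):
    """Return the installed atoms that fall in the advisory's vulnerable range."""
    return [a for a in inventory.split() if is_vulnerable(a)]

# Constructed inventory, one category/package-version per line.
SAMPLE = """
www-client/mozilla-1.7.12-r2
www-client/mozilla-bin-1.7.13
www-client/mozilla-1.7.13_rc1
www-client/mozilla-firefox-1.5.0.2
"""

if __name__ == "__main__":
    for atom in audit(SAMPLE):
        print("vulnerable per GLSA 200604-18:", atom)
```

The package name is matched exactly rather than by prefix, so www-client/mozilla-firefox is not confused with www-client/mozilla.
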
References
==========

[ 1 ] CVE-2005-4134
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
[ 2 ] CVE-2006-0292
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
[ 3 ] CVE-2006-0293
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293
[ 4 ] CVE-2006-0296
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
[ 5 ] CVE-2006-0748
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
[ 6 ] CVE-2006-0749
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
[ 7 ] CVE-2006-0884
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
[ 8 ] CVE-2006-1045
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045
[ 9 ] CVE-2006-1727
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
[ 10 ] CVE-2006-1728
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
[ 11 ] CVE-2006-1729
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
[ 12 ] CVE-2006-1730
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
[ 13 ] CVE-2006-1731
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
[ 14 ] CVE-2006-1732
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
[ 15 ] CVE-2006-1733
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
[ 16 ] CVE-2006-1734
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
[ 17 ] CVE-2006-1735
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
[ 18 ] CVE-2006-1736
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736
[ 19 ] CVE-2006-1737
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
[ 20 ] CVE-2006-1738
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
[ 21 ] CVE-2006-1739
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
[ 22 ] CVE-2006-1740
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
[ 23 ] CVE-2006-1741
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
[ 24 ] CVE-2006-1742
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
[ 25 ] CVE-2006-1790
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
[ 26 ] Mozilla Foundation Security Advisories
       http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200604-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
