Several vulnerabilities in the Mozilla Suite allow attacks ranging from the execution of javascript code with elevated privileges to information leakage.
Package | www-client/mozilla on all architectures |
---|---|
Affected versions | < 1.7.10 |
Unaffected versions | >= 1.7.10 |
Package | www-client/mozilla-bin on all architectures |
---|---|
Affected versions | < 1.7.10 |
Unaffected versions | >= 1.7.10 |
The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor.
The following vulnerabilities were found and fixed in the Mozilla Suite:
A remote attacker could craft malicious web pages that would leverage these issues to inject and execute arbitrary javascript code with elevated privileges, steal cookies or other information from web pages, or spoof content.
There is no known workaround at this time.
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.10"
All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.10"
Release date
July 26, 2005
Latest revision
July 26, 2005: 01
Severity
normal
Exploitable
remote
Bugzilla entries