Test ID:	1.3.6.1.4.1.25623.1.0.51020
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2003:163
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2003:163. Mozilla is an open source Web browser. A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. These errata packages upgrade Mozilla to version 1.0.2, which is not vulnerable to this issue. Mozilla 1.0.2 also contains a number of other stability and security updates. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-163.html http://www.mozilla.org/releases/mozilla1.0.2/ Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 6185 Common Vulnerability Exposure (CVE) ID: CVE-2002-1308 http://www.securityfocus.com/bid/6185 Bugtraq: 20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler. (Google Search) http://marc.info/?l=bugtraq&m=103730181813075&w=2 http://bugzilla.mozilla.org/show_bug.cgi?id=157646 http://www.redhat.com/support/errata/RHSA-2003-162.html http://www.redhat.com/support/errata/RHSA-2003-163.html XForce ISS Database: mozilla-netscape-jar-bo(10636) https://exchange.xforce.ibmcloud.com/vulnerabilities/10636
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.