| Description: | Summary:
The remote host is missing an update for the 'Mozilla' package(s) announced via the SSA:2004-223-01 advisory.
Vulnerability Insight:
New Mozilla packages are available for Slackware 9.1, 10.0, and -current
to fix a number of security issues. Slackware 10.0 and -current were
upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.
As usual, new versions of Mozilla require new versions of things that link
with the Mozilla libraries, so for Slackware 10.0 and -current new versions
of epiphany, galeon, gaim, and mozilla-plugins have also been provided.
There don't appear to be epiphany and galeon versions that are compatible
with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not
provided and Epiphany and Galeon will be broken on Slackware 9.1 if the
new Mozilla package is installed. Furthermore, earlier versions of
Mozilla (such as the 1.3 series) were not fixed upstream, so versions
of Slackware earlier than 9.1 will remain vulnerable to these browser
issues. If you still use Slackware 9.0 or earlier, you may want to
consider removing Mozilla or upgrading to a newer version.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Issues fixed in Mozilla 1.7.2:
[links moved to references]
Issues fixed in Mozilla 1.4.3:
[links moved to references]
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Aug 9 01:56:43 PDT 2004
patches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7.
(compiled against Mozilla 1.7.2)
patches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81.
(compiled against Mozilla 1.7.2)
patches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17.
(compiled against Mozilla 1.7.2)
patches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This
fixes three security vulnerabilities. For details, see:
[link moved to references]
(* Security fix *)
patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks
for Mozilla 1.7.2.
+--------------------------+
Affected Software/OS:
'Mozilla' package(s) on Slackware 9.1, Slackware 10.0, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
