Description:
The remote host is missing an update to mozilla announced via advisory FEDORA-2006-075.
Mozilla is an open-source web browser, designed for standards compliance, performance and portability.
Update Information:
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Igor Bukanov discovered a bug in the way Mozilla's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.
moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Mozilla to execute arbitrary JavaScript when a user runs Mozilla. (CVE-2006-0296)
A denial of service bug was found in the way Mozilla saves history information. If a user visits a web page with a very long title, it is possible Mozilla will crash or take a very long time to start the next time it is run. (CVE-2005-4134)
* Sun Jan 29 2006 Christopher Aillon 37:1.7.12-1.5.2
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296
Solution: Apply the appropriate updates.
This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-075
Risk factor: High
CVSS Score: 7.5