• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Browser Cache File Multiple Vulnerabilities

Solution:
Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198527&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

SCO has released an advisory SCOSA-2005.25 including updated packages to address this issue. Please see the referenced advisory for more information.

RedHat has released advisory RHSA-2004:421-17 and fixes dealing with this issue for Mozilla on RedHat Enterprise Linux platforms. Please see the referenced advisory for further information.

Slackware has released an advisory (SSA:2004-223-01) to address this issue. Please see the referenced advisory for more information.

SGI has made available Patch 10095, correcting this vulnerability for systems running SGI Advanced Linux Environment 3:

Patch 10095 is available from http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

The individual RPMs from Patch 10095 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

HP has released advisory "HPSBTU01063 SSRT4778 - rev.2 Mozilla Application Suite for HP Tru64 UNIX - Potential Overflows - Denial of Service - Unauthorized access" to address this and other issues. Please see the attached advisory for fix information.

SuSE Linux has released advisory SUSE-SA:2004:036 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Conectiva has released an advisory (CLA-2004:877) to address various issues including this in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.


Mozilla Browser 0.9.9

• RedHat galeon-1.2.13-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.13 -0.7.1.legacy.i386.rpm


• RedHat mozilla-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.4.3 -0.7.1.legacy.i386.rpm


• RedHat mozilla-chat-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat- 1.4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-devel-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel -1.4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-dom-inspector-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-i nspector-1.4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-js-debugger-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-de bugger-1.4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-mail-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail- 1.4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-nspr-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr- 1.4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-nspr-devel-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr- devel-1.4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-nss-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1 .4.3-0.7.1.legacy.i386.rpm


• RedHat mozilla-nss-devel-1.4.3-0.7.1.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-d evel-1.4.3-0.7.1.legacy.i386.rpm

Mozilla Browser 1.2.1

• RedHat galeon-1.2.13-0.9.2.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.13-0 .9.2.legacy.i386.rpm


• RedHat mozilla-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.4.3-0 .9.1.legacy.i386.rpm


• RedHat mozilla-chat-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1. 4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-devel-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1 .4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-dom-inspector-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-ins pector-1.4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-js-debugger-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debu gger-1.4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-mail-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1. 4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nspr-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1. 4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nspr-devel-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-de vel-1.4.3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nss-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.4 .3-0.9.1.legacy.i386.rpm


• RedHat mozilla-nss-devel-1.4.3-0.9.1.legacy.i386.rpm
  RedHat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-dev el-1.4.3-0.9.1.legacy.i386.rpm

Mozilla Browser 1.4

• Slackware mozilla-1.4.3-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m ozilla-1.4.3-i486-1.tgz


• Slackware mozilla-plugins-1.4.3-noarch-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m ozilla-plugins-1.4.3-noarch-1.tgz

Mozilla Browser 1.4.1

• RedHat epiphany-1.0.4-2.4.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.4- 2.4.legacy.i386.rpm


• RedHat mozilla-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.4.3-1 .fc1.1.legacy.i386.rpm


• RedHat mozilla-chat-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1 .4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-dom-inspector-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-ins pector-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-js-debugger-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debu gger-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-mail-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nspr-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1. 4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nspr-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-de vel-1.4.3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nss-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.4 .3-1.fc1.1.legacy.i386.rpm


• RedHat mozilla-nss-devel-1.4.3-1.fc1.1.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-dev el-1.4.3-1.fc1.1.legacy.i386.rpm

Mozilla Browser 1.6

• Conectiva libnspr-devel-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libnspr-devel-1.7.3-27852U9 0_4cl.i386.rpm


• Conectiva libnspr-devel-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libnspr-devel-1.7.3-60868U 10_1cl.i386.rpm


• Conectiva libnspr4-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libnspr4-1.7.3-27852U90_4cl .i386.rpm


• Conectiva libnspr4-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libnspr4-1.7.3-60868U10_1c l.i386.rpm


• Conectiva libnss-devel-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libnss-devel-1.7.3-27852U90 _4cl.i386.rpm


• Conectiva libnss-devel-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libnss-devel-1.7.3-60868U1 0_1cl.i386.rpm


• Conectiva libnss3-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/libnss3-1.7.3-27852U90_4cl. i386.rpm


• Conectiva libnss3-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/libnss3-1.7.3-60868U10_1cl .i386.rpm


• Conectiva mozilla-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-1.7.3-27852U90_4cl. i386.rpm


• Conectiva mozilla-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-1.7.3-60868U10_1cl .i386.rpm


• Conectiva mozilla-base-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-base-1.7.3-27852U90 _4cl.i386.rpm


• Conectiva mozilla-base-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-base-1.7.3-60868U1 0_1cl.i386.rpm


• Conectiva mozilla-devel-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-devel-1.7.3-27852U9 0_4cl.i386.rpm


• Conectiva mozilla-devel-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-devel-1.7.3-60868U 10_1cl.i386.rpm


• Conectiva mozilla-dom-inspector-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-dom-inspector-1.7.3 -27852U90_4cl.i386.rpm


• Conectiva mozilla-dom-inspector-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-dom-inspector-1.7. 3-60868U10_1cl.i386.rpm


• Conectiva mozilla-irc-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-irc-1.7.3-27852U90_ 4cl.i386.rpm


• Conectiva mozilla-irc-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-irc-1.7.3-60868U10 _1cl.i386.rpm


• Conectiva mozilla-js-debugger-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-js-debugger-1.7.3-2 7852U90_4cl.i386.rpm


• Conectiva mozilla-js-debugger-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-js-debugger-1.7.3- 60868U10_1cl.i386.rpm


• Conectiva mozilla-mail-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-mail-1.7.3-27852U90 _4cl.i386.rpm


• Conectiva mozilla-mail-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-mail-1.7.3-60868U1 0_1cl.i386.rpm


• Conectiva mozilla-psm-1.7.3-27852U90_4cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/mozilla-psm-1.7.3-27852U90_ 4cl.i386.rpm


• Conectiva mozilla-psm-1.7.3-60868U10_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/10/RPMS/mozilla-psm-1.7.3-60868U10 _1cl.i386.rpm

Mozilla Browser 1.7

• Slackware epiphany-1.2.7-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ epiphany-1.2.7-i486-1.tgz


• Slackware gaim-0.81-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ gaim-0.81-i486-1.tgz


• Slackware galeon-1.3.17-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ galeon-1.3.17-i486-1.tgz


• Slackware mozilla-1.7.2-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ mozilla-1.7.2-i486-1.tgz


• Slackware mozilla-plugins-1.7.2-noarch-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ mozilla-plugins-1.7.2-noarch-1.tgz