|
Mozilla Firefox Scrollbar Remote Code Execution Vulnerability
Solution: The vendor has relased Firefox version 1.0.1 dealing with this issue. Mozilla has reported that a pending release of Mozilla Suite 1.7.6 will be released dealing with these issues in the near future. This BID will be updated upon release. SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information. Red Hat has released advisory RHSA-2005:384-11 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information. RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information. Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser: For Firefox users: emerge --sync emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1" For Firefox binary users: emerge --sync emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1" Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers: Mozilla Suite users: emerge --sync emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6" Mozilla Suite binary users: emerge --sync emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6" Mandriva has released advisory MDKSA-2005:088 and fixes to address this issue. Please see the referenced advisory for links to fixed packages. Mandriva has released an updated advisory MDKSA-2005:088-1 and updated fixes to address a bug in the initial release of the fixes. Please see the referenced advisory for links to fixed packages. RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates. Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information. HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information. Mozilla Firefox 1.0
Mozilla Browser 1.7
Mozilla Browser 1.7.1
Mozilla Browser 1.7.2
Mozilla Browser 1.7.3
Mozilla Browser 1.7.4
Mozilla Browser 1.7.5
Netscape Netscape 7.0
Netscape Netscape 7.1
Netscape Netscape 7.2
|
|
 Privacy Statement |
