• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Suite And Firefox Blocked Pop-Up Window Remote Script Code Execution Vulnerability

Solution:
Mozilla has released and advisory along with upgrades dealing with this issue. Please see the reference section for more information.

SCO has released advisory SCOSA-2005.29 to address this issue. Please see the referenced advisory for more information.

SuSE has released advisory SUSE-SA:2005:028 to address this, and other issues in Mozilla. Please see the referenced advisory for further information.

Gentoo Linux has released an advisory (GLSA 200504-18) dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.3"

All Mozilla Firefox binary users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.3"

All Mozilla Suite users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.7"

All Mozilla Suite binary users should upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.7"

For more information, please see the referenced Gentoo Linux advisory.

Turbolinux has released advisory TLSA-2005-49 to address this, and other issues in Mozilla. Users of affected packages are urged to utilize the 'turbopkg', or 'zabom' tools to obtain fixes. Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2005:383-07 to address this, and other issues in RedHat Enterprise Linux, and RedHat Desktop Linux. Please see the referenced advisory for further information.

Red Hat has released advisory RHSA-2005:386-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Red Hat has released advisory RHSA-2005:384-11 and fixes to address this
and other issues on Red Hat Linux Enterprise platforms. Customers who are
affected are advised to apply the appropriate updates. Customers
subscribed to the Red Hat Network may apply the appropriate fixes using
the Red Hat Update Agent (up2date). Please see the referenced advisory for
additional information.

SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

Ubuntu has released advisory USN-124-1 to address this, and other issues. Please see the referenced advisory for further information.

Ubuntu Linux has released an updated advisory (USN-124-2) addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Mandriva has released advisory MDKSA-2005:088 and fixes to address this issue. Please see the referenced advisory for links to fixed packages.

Mandriva has released an updated advisory MDKSA-2005:088-1 and updated fixes to address a bug in the initial release of the fixes. Please see the referenced advisory for links to fixed packages.

RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Netscape Browser 8.0 has been released to address various security issues. Please see the vendor advisory in Web references for more information.


Mozilla Firefox 0.10

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.10.1

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.8

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9 rc

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.1

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.2

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 0.9.3

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 1.0

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 1.0.1

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/

Mozilla Firefox 1.0.2

• Mozilla Firefox 1.0.3
  http://www.mozilla.org/products/firefox/


• Ubuntu mozilla-firefox-dev_1.0.2-0ubuntu5.2_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-dev_1.0.2-0ubuntu5.2_amd64.deb


• Ubuntu mozilla-firefox-dev_1.0.2-0ubuntu5.2_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-dev_1.0.2-0ubuntu5.2_i386.deb


• Ubuntu mozilla-firefox-dev_1.0.2-0ubuntu5.2_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-dev_1.0.2-0ubuntu5.2_ia64.deb


• Ubuntu mozilla-firefox-dev_1.0.2-0ubuntu5.2_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-dev_1.0.2-0ubuntu5.2_powerpc.deb


• Ubuntu mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozi lla-firefox-dom-inspector_1.0.2-0ubuntu5.2_amd64.deb


• Ubuntu mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozi lla-firefox-dom-inspector_1.0.2-0ubuntu5.2_i386.deb


• Ubuntu mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozi lla-firefox-dom-inspector_1.0.2-0ubuntu5.2_ia64.deb


• Ubuntu mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozi lla-firefox-dom-inspector_1.0.2-0ubuntu5.2_powerpc.deb


• Ubuntu mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-gnome-support_1.0.2-0ubuntu5.2_amd64.deb


• Ubuntu mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-gnome-support_1.0.2-0ubuntu5.2_i386.deb


• Ubuntu mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-gnome-support_1.0.2-0ubuntu5.2_ia64.deb


• Ubuntu mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox-gnome-support_1.0.2-0ubuntu5.2_powerpc.deb


• Ubuntu mozilla-firefox_1.0.2-0ubuntu5.2_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox_1.0.2-0ubuntu5.2_amd64.deb


• Ubuntu mozilla-firefox_1.0.2-0ubuntu5.2_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox_1.0.2-0ubuntu5.2_i386.deb


• Ubuntu mozilla-firefox_1.0.2-0ubuntu5.2_ia64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox_1.0.2-0ubuntu5.2_ia64.deb


• Ubuntu mozilla-firefox_1.0.2-0ubuntu5.2_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla- firefox_1.0.2-0ubuntu5.2_powerpc.deb

Mozilla Browser 1.7 rc1

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7 rc2

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7 alpha

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7 beta

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7 rc3

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.1

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.2

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.3

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.4

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.5

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/

Mozilla Browser 1.7.6

• Mozilla Suite 1.7.7
  http://www.mozilla.org/products/mozilla1.x/