• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Space Key XPI Installation Vulnerability

Solution:
Users are adviced to upgrade to the latest version of Mozilla.

Redhat has released RHA-2002:192-13 containg fixes.

Conectiva has released a security advisory containing fixes. Users are advised to upgrade their Mozilla and Galeon packages as soon as possible.

Fixes:


Mozilla Browser 0.9.8

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.9

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/


• RedHat galeon-1.2.6-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/galeon-1.2.6-0.7.2.i386.rpm


• RedHat galeon-1.2.6-0.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/galeon-1.2.6-0.7.3.i386.rpm


• RedHat gdk-pixbuf-0.14.0-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-0.14.0-0.7.2.i386.r pm


• RedHat gdk-pixbuf-0.14.0-0.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-0.14.0-0.7.2.ia64.r pm


• RedHat gdk-pixbuf-devel-0.14.0-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-devel-0.14.0-0.7.2. i386.rpm


• RedHat gdk-pixbuf-devel-0.14.0-0.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-devel-0.14.0-0.7.2. ia64.rpm


• RedHat gdk-pixbuf-gnome-0.14.0-0.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/gdk-pixbuf-gnome-0.14.0-0.7.2. i386.rpm


• RedHat gdk-pixbuf-gnome-0.14.0-0.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/gdk-pixbuf-gnome-0.14.0-0.7.2. ia64.rpm


• RedHat mozilla-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-1.0.1-2.7.2.i386.rpm


• RedHat mozilla-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-1.0.1-2.7.3.i386.rpm


• RedHat mozilla-chat-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-chat-1.0.1-2.7.2.i386. rpm


• RedHat mozilla-chat-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-chat-1.0.1-2.7.3.i386. rpm


• RedHat mozilla-devel-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-devel-1.0.1-2.7.2.i386 .rpm


• RedHat mozilla-devel-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-devel-1.0.1-2.7.3.i386 .rpm


• RedHat mozilla-dom-inspector-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-dom-inspector-1.0.1-2. 7.2.i386.rpm


• RedHat mozilla-dom-inspector-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-dom-inspector-1.0.1-2. 7.3.i386.rpm


• RedHat mozilla-js-debugger-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-js-debugger-1.0.1-2.7. 2.i386.rpm


• RedHat mozilla-js-debugger-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-js-debugger-1.0.1-2.7. 3.i386.rpm


• RedHat mozilla-mail-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-mail-1.0.1-2.7.2.i386. rpm


• RedHat mozilla-mail-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-mail-1.0.1-2.7.3.i386. rpm


• RedHat mozilla-nspr-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-1.0.1-2.7.2.i386. rpm


• RedHat mozilla-nspr-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-1.0.1-2.7.3.i386. rpm


• RedHat mozilla-nspr-devel-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.2 .i386.rpm


• RedHat mozilla-nspr-devel-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nspr-devel-1.0.1-2.7.3 .i386.rpm


• RedHat mozilla-nss-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-1.0.1-2.7.2.i386.r pm


• RedHat mozilla-nss-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-1.0.1-2.7.3.i386.r pm


• RedHat mozilla-nss-devel-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-nss-devel-1.0.1-2.7.2. i386.rpm


• RedHat mozilla-nss-devel-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-nss-devel-1.0.1-2.7.3. i386.rpm


• RedHat mozilla-psm-1.0.1-2.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mozilla-psm-1.0.1-2.7.2.i386.r pm


• RedHat mozilla-psm-1.0.1-2.7.3.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mozilla-psm-1.0.1-2.7.3.i386.r pm


• RedHat nautilus-1.0.4-48.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/nautilus-1.0.4-48.i386.rpm


• RedHat nautilus-1.0.4-48.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-1.0.4-48.ia64.rpm


• RedHat nautilus-1.0.6-16.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/nautilus-1.0.6-16.i386.rpm


• RedHat nautilus-devel-1.0.4-48.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/nautilus-devel-1.0.4-48.i386.r pm


• RedHat nautilus-devel-1.0.4-48.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/nautilus-devel-1.0.4-48.ia64.r pm


• RedHat nautilus-devel-1.0.6-16.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/nautilus-devel-1.0.6-16.i386.r pm


• RedHat nautilus-mozilla-1.0.4-48.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/nautilus-mozilla-1.0.4-48.i386 .rpm


• RedHat nautilus-mozilla-1.0.6-16.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/nautilus-mozilla-1.0.6-16.i386 .rpm

Mozilla Browser 1.0 RC2

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/

Mozilla Browser 1.0

• Conectiva mozilla-1.2.1-1U60_2cl.i386.rpm
  Conectiva 6.0
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-1.2.1-1U60_2cl.i3 86.rpm


• Conectiva mozilla-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-1.2.1-1U70_2cl.i3 86.rpm


• Conectiva mozilla-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-1.2.1-1U80_5cl.i386 .rpm


• Conectiva mozilla-devel-1.2.1-1U60_2cl.i386.rpm
  Conectiva 6.0
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-devel-1.2.1-1U60_ 2cl.i386.rpm


• Conectiva mozilla-devel-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-1.2.1-1U70_ 2cl.i386.rpm


• Conectiva mozilla-devel-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-1.2.1-1U80_5c l.i386.rpm


• Conectiva mozilla-devel-static-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-static-1.2. 1-1U70_2cl.i386.rpm


• Conectiva mozilla-irc-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-irc-1.2.1-1U70_2c l.i386.rpm


• Conectiva mozilla-irc-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-irc-1.2.1-1U80_5cl. i386.rpm


• Conectiva mozilla-mail-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-mail-1.2.1-1U70_2 cl.i386.rpm


• Conectiva mozilla-mail-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-mail-1.2.1-1U80_5cl .i386.rpm


• Conectiva mozilla-psm-1.2.1-1U70_2cl.i386.rpm
  Conectiva 7.0
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-psm-1.2.1-1U70_2c l.i386.rpm


• Conectiva mozilla-psm-1.2.1-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-psm-1.2.1-1U80_5cl. i386.rpm


• Mandrake galeon-1.2.5-2.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake galeon-1.2.5-2.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake galeon-1.2.5-2.1mdk.src.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libjs-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libjs-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-devel-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnautilus0-devel-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-devel-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnspr4-devel-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-devel-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libnss3-devel-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-1.0.1-4.1mdk.src.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-devel-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-dom-inspector-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmail-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-enigmime-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-irc-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-js-debugger-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-mail-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-spellchecker-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-xmlterm-1.0.1-4.1mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mozilla-xmlterm-1.0.1-4.1mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-1.0.6-15.8mdk.src.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-mozilla-1.0.6-15.8mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nautilus-mozilla-1.0.6-15.8mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mozilla Mozilla 1.0.1
  www.mozilla.org


• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/


• RedHat galeon-1.2.6-0.8.0.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/galeon-1.2.6-0.8.0.i386.rpm


• RedHat mozilla-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-1.0.1-26.i386.rpm


• RedHat mozilla-chat-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-chat-1.0.1-26.i386.rpm


• RedHat mozilla-devel-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-devel-1.0.1-26.i386.rp m


• RedHat mozilla-dom-inspector-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-dom-inspector-1.0.1-26 .i386.rpm


• RedHat mozilla-js-debugger-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-js-debugger-1.0.1-26.i 386.rpm


• RedHat mozilla-mail-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-mail-1.0.1-26.i386.rpm


• RedHat mozilla-nspr-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-1.0.1-26.i386.rpm


• RedHat mozilla-nspr-devel-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nspr-devel-1.0.1-26.i3 86.rpm


• RedHat mozilla-nss-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-1.0.1-26.i386.rpm


• RedHat mozilla-nss-devel-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-nss-devel-1.0.1-26.i38 6.rpm


• RedHat mozilla-psm-1.0.1-26.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mozilla-psm-1.0.1-26.i386.rpm

Mozilla Browser 1.0 RC1

• Mozilla Mozilla 1.1
  http://www.mozilla.org/releases/

Galeon Galeon Browser 1.2.4

• Conectiva galeon-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.7-1U80_5cl.i386. rpm


• Conectiva galeon-devel-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.7-1U80_5cl .i386.rpm

Galeon Galeon Browser 1.2.5

• Conectiva galeon-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.7-1U80_5cl.i386. rpm


• Conectiva galeon-devel-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.7-1U80_5cl .i386.rpm

Galeon Galeon Browser 1.2.6

• Conectiva galeon-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.7-1U80_5cl.i386. rpm


• Conectiva galeon-devel-1.2.7-1U80_5cl.i386.rpm
  Conectiva 8.0
  ftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.7-1U80_5cl .i386.rpm