1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200703-05">
<title>Mozilla Suite: Multiple vulnerabilities</title>
<synopsis>
Several vulnerabilities exist in the Mozilla Suite, which is no longer
supported by the Mozilla project.
</synopsis>
<product type="ebuild">mozilla</product>
<announced>March 03, 2007</announced>
<revised>March 03, 2007: 01</revised>
<bug>135257</bug>
<access>remote</access>
<affected>
<package name="www-client/mozilla" auto="yes" arch="*">
<vulnerable range="le">1.7.13</vulnerable>
</package>
<package name="www-client/mozilla-bin" auto="yes" arch="*">
<vulnerable range="le">1.7.13</vulnerable>
</package>
</affected>
<background>
<p>
The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader.
</p>
</background>
<description>
<p>
Several vulnerabilities ranging from code execution with elevated
privileges to information leaks affect the Mozilla Suite.
</p>
</description>
<impact type="normal">
<p>
A remote attacker could entice a user to browse to a specially crafted
website or open a specially crafted mail that could trigger some of the
vulnerabilities, potentially allowing execution of arbitrary code,
denials of service, information leaks, or cross-site scripting attacks
leading to the robbery of cookies of authentication credentials.
</p>
</impact>
<workaround>
<p>
Most of the issues, but not all of them, can be prevented by disabling
the HTML rendering in the mail client and JavaScript on every
application.
</p>
</workaround>
<resolution>
<p>
The Mozilla Suite is no longer supported and has been masked after some
necessary changes on all the other ebuilds which used to depend on it.
Mozilla Suite users should unmerge www-client/mozilla or
www-client/mozilla-bin, and switch to a supported product, like
SeaMonkey, Thunderbird or Firefox.
</p>
<code>
# emerge --unmerge "www-client/mozilla"
# emerge --unmerge "www-client/mozilla-bin"</code>
</resolution>
<references>
<uri link="http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla">Official Advisory</uri>
</references>
<metadata tag="requester" timestamp="Fri, 23 Feb 2007 17:38:03 +0000">
falco
</metadata>
<metadata tag="submitter" timestamp="Tue, 27 Feb 2007 15:55:16 +0000">
falco
</metadata>
<metadata tag="bugReady" timestamp="Tue, 27 Feb 2007 15:58:20 +0000">
falco
</metadata>
</glsa>
|