Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:082: mozilla Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mozilla package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:082 (mozilla).
A number of security vulnerabilities in mozilla are addressed by this update for
Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup
XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL
certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS
spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for
focus redefinition from another domain, a fix for a SOAP parameter overflow, a
fix for text drag on file entry, a fix for certificate DoS, and a fix for lock
icon and cert spoofing.
Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to
use the system libjpeg and libpng which addresses vulnerabilities discovered in
libpng (ref: MDKSA-2004:079).
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:082
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.