|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200703-05] Mozilla Suite: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Mozilla Suite: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200703-05
(Mozilla Suite: Multiple vulnerabilities)
Several vulnerabilities ranging from code execution with elevated
rights to information leaks affect the Mozilla Suite.
Impact
A remote attacker could entice a user to browse to a specially crafted
website or open a specially crafted mail that could trigger some of the
vulnerabilities, potentially allowing execution of arbitrary code,
denials of service, information leaks, or cross-site scripting attacks
leading to the robbery of cookies of authentication credentials.
Workaround
Most of the issues, but not all of them, can be prevented by disabling
the HTML rendering in the mail client and JavaScript on every
application.
References:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
Solution:
The Mozilla Suite is no longer supported and has been masked after some
necessary changes on all the other ebuilds which used to depend on it.
Mozilla Suite users should unmerge www-client/mozilla or
www-client/mozilla-bin, and switch to a supported product, like
SeaMonkey, Thunderbird or Firefox.
# emerge --unmerge "www-client/mozilla"
# emerge --unmerge "www-client/mozilla-bin"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|