Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2004:082: mozilla

Vulnerability Assessment Details

MDKSA-2004:082: mozilla

Vulnerability Assessment Summary
Check for the version of the mozilla package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2004:082 (mozilla).

A number of security vulnerabilities in mozilla are addressed by this update for
Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup
XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL
certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS
spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for
focus redefinition from another domain, a fix for a SOAP parameter overflow, a
fix for text drag on file entry, a fix for certificate DoS, and a fix for lock
icon and cert spoofing.
Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to
use the system libjpeg and libpng which addresses vulnerabilities discovered in
libpng (ref: MDKSA-2004:079).

Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:082
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors