|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2004-486: galeon Vulnerability Assessment Details
|
RHSA-2004-486: galeon |
||
Check for the version of the galeon packages Detailed Explanation for this Vulnerability Assessment Updated mozilla packages that fix a number of security issues are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a javascript link into another frame or page, it becomes possible for a possible hacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue. Gael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. A possible hacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue. Georgi Guninski discovered a stack-based buffer overflow in the vCard display routines. A possible hacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue. Wladimir Palant discovered a flaw in the way javascript interacts with the clipboard. It is possible that a possible hacker could use malicious javascript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue. Georgi Guninski discovered a heap based buffer overflow in the "Send Page" feature. It is possible that a possible hacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902 to this issue. Users of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues. Solution : http://rhn.redhat.com/errata/RHSA-2004-486.html Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
Cables, Connectors |
512GB USB Flash Drive External Storage Memory Stick For iPhone iPad Android
$17.59
SanDisk 16GB Ultra USB 3.0 Flash Drive - SDCZ48-016G-U46
$6.25
SanDisk 32GB Ultra Dual Drive USB Type-C, USB 3.1 Flash Drive - SDDDC2-032G-G46
$10.99
SanDisk 128GB Extreme PRO USB 3.2 Solid State Flash Drive - SDCZ880-128G-A46
$36.99
New TESLA OEM Model S,3,X,Y USB Flash Drive for Dashcam & Sentry Mode 128GB
$18.99
Lenovo USB 16TB 3.0 USB Flash Drive Thumb Disk Silver Transfer Metal Memory
$24.99
Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack
$4.99
Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof
$8.37
USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT
$249.37
1TB/2TB USB 3.0 Flash Drive Thumb U Disk Memory Stick Pen PC Laptop Storage lot
$80.39
|
||
No Discussions have been posted on this vulnerability. |