Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Slackware Local Security Checks >> SSA-2004-223-01 Mozilla

Vulnerability Assessment Details

SSA-2004-223-01 Mozilla

Vulnerability Assessment Summary
SSA-2004-223-01 Mozilla

Detailed Explanation for this Vulnerability Assessment

New Mozilla packages are available for Slackware 9.1, 10.0, and -current
to fix a number of security issues. Slackware 10.0 and -current were
upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.
As usual, new versions of Mozilla require new versions of things that link
with the Mozilla libraries, so for Slackware 10.0 and -current new versions
of epiphany, galeon, gaim, and mozilla-tests have also been provided.
There don't appear to be epiphany and galeon versions that are compatible
with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not
provided and Epiphany and Galeon will be broken on Slackware 9.1 if the
new Mozilla package is installed. Furthermore, earlier versions of
Mozilla (such as the 1.3 series) were not fixed upstream, so versions
of Slackware earlier than 9.1 will remain vulnerable to these browser
issues. If you still use Slackware 9.0 or earlier, you may want to
consider removing Mozilla or upgrading to a newer version.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

Issues fixed in Mozilla 1.7.2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758

Issues fixed in Mozilla 1.4.3:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0765

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Michel Arboi

Cables, Connectors