Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://www.mozilla.org/security/announce/mfsa2005-33.html https://bugzilla.mozilla.org/show_bug.cgi?id=288688 http://www.vuxml.org/freebsd/45b75152-ae5f-11d9-a788-0001020eed82.html
Insight
The following packages are affected:
firefox linux-firefox mozilla linux-mozilla linux-mozilla-devel netscape7 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7
CVE-2005-0989
The find_replen function in jsstr.c in the the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
Severity
Classification
-
CVE CVE-2005-0989 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities