Gentoo Security Advisory GLSA 200505-11 (mozilla) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200505-11.

Solution

All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.4' All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.4' All Mozilla Suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.8' All Mozilla Suite binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.8' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200505-11 http://bugs.gentoo.org/show_bug.cgi?id=91859 http://bugs.gentoo.org/show_bug.cgi?id=92393 http://bugs.gentoo.org/show_bug.cgi?id=92394 http://www.mozilla.org/security/announce/mfsa2005-43.html

Insight

Several vulnerabilities in the Mozilla Suite and Firefox allow an attacker to conduct cross-site scripting attacks or to execute arbitrary code.

Severity

Classification

CVE CVE-2005-1476, CVE-2005-1477

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities