Red Hat Product Errata RHSA-2004:486 - Security Advisory
Issued:
2004-09-30
Updated:
2004-09-30

RHSA-2004:486 - Security Advisory

Synopsis

mozilla security update

Type/Severity

Security Advisory: Critical

Topic

Updated mozilla packages that fix a number of security issues are now
available.

Description

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If
a user is tricked into dragging a javascript link into another frame or
page, it becomes possible for an attacker to steal or modify sensitive
information from that site. Additionally, if a user is tricked into
dragging two links in sequence to another window (not frame), it is
possible for the attacker to execute arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0905 to this issue.

Gael Delalleau discovered an integer overflow which affects the BMP
handling code inside Mozilla. An attacker could create a carefully crafted
BMP file in such a way that it would cause Mozilla to crash or execute
arbitrary code when the image is viewed. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to
this issue.

Georgi Guninski discovered a stack-based buffer overflow in the vCard
display routines. An attacker could create a carefully crafted vCard file
in such a way that it would cause Mozilla to crash or execute arbitrary
code when viewed. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.

Wladimir Palant discovered a flaw in the way javascript interacts with
the clipboard. It is possible that an attacker could use malicious
javascript code to steal sensitive data which has been copied into the
clipboard. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.

Georgi Guninski discovered a heap based buffer overflow in the "Send
Page" feature. It is possible that an attacker could construct a link in
such a way that a user attempting to forward it could result in a crash or
arbitrary code execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.

Users of Mozilla should update to these updated packages, which contain
backported patches and are not vulnerable to these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 133012 - CAN-2004-0905 javascript link dragging information leak
  • BZ - 133013 - CAN-2004-0905 javascript link dragging information leak
  • BZ - 133014 - CAN-2004-0904 BMP integer overflows
  • BZ - 133015 - CAN-2004-0904 BMP integer overflows
  • BZ - 133016 - CAN-2004-0903 VCard buffer overflow
  • BZ - 133017 - CAN-2004-0903 VCard buffer overflow
  • BZ - 133021 - CAN-2004-0908 javascript clipboard information leakage
  • BZ - 133022 - CAN-2004-0908 javascript clipboard information leakage
  • BZ - 133023 - CAN-2004-0902 "send page" heap based buffer overflow
  • BZ - 133024 - CAN-2004-0902 "send page" heap based buffer overflow

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.