Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2005:384 - Security Advisory
Issued:
2005-04-28
Updated:
2005-04-28

RHSA-2005:384 - Security Advisory

  • Overview

Synopsis

Mozilla security update

Type/Severity

Security Advisory: Important

Topic

Updated Mozilla packages that fix various security bugs are now available.

This update has been rated as having Important security impact by the Red
Hat Security Response Team.

Description

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Several bugs were found with the way Mozilla displays the secure site icon.
It is possible that a malicious website could display the secure site icon
along with incorrect certificate information. (CAN-2005-0143 CAN-2005-0593)

A bug was found in the way Mozilla handles synthetic middle click events.
It is possible for a malicious web page to steal the contents of a victims
clipboard. (CAN-2005-0146)

Several bugs were found with the way Mozilla handles temporary files. A
local user could view sensitive temporary information or delete arbitrary
files. (CAN-2005-0142 CAN-2005-0578)

A bug was found in the way Mozilla handles pop-up windows. It is possible
for a malicious website to control the content in an unrelated site's
pop-up window. (CAN-2004-1156)

A flaw was found in the way Mozilla displays international domain names. It
is possible for an attacker to display a valid URL, tricking the user into
thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)

A bug was found in the way Mozilla processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to load
malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla handles xsl:include and xsl:import
directives. It is possible for a malicious website to import XSLT
stylesheets from a domain behind a firewall, leaking information to an
attacker. (CAN-2005-0588)

Several bugs were found in the way Mozilla displays alert dialogs. It is
possible for a malicious webserver or website to trick a user into thinking
the dialog window is being generated from a trusted site. (CAN-2005-0586
CAN-2005-0591 CAN-2005-0585 CAN-2005-0590 CAN-2005-0584)

A bug was found in the Mozilla javascript security manager. If a user drags
a malicious link to a tab, the javascript security manager is bypassed,
which could result in remote code execution or information disclosure.
(CAN-2005-0231)

A bug was found in the way Mozilla allows plug-ins to load privileged
content into a frame. It is possible that a malicious webpage could trick a
user into clicking in certain places to modify configuration settings or
execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527)

A bug was found in the way Mozilla handles anonymous functions during
regular expression string replacement. It is possible for a malicious web
page to capture a random block of browser memory. (CAN-2005-0989)

A bug was found in the way Mozilla displays pop-up windows. If a user
choses to open a pop-up window whose URL is malicious javascript, the
script will be executed with elevated privileges. (CAN-2005-1153)

A bug was found in the way Mozilla installed search plugins. If a user
chooses to install a search plugin from a malicious site, the new plugin
could silently overwrite an existing plugin. This could allow the malicious
plugin to execute arbitrary code and stealm sensitive information.
(CAN-2005-1156 CAN-2005-1157)

Several bugs were found in the Mozilla javascript engine. A malicious web
page could leverage these issues to execute javascript with elevated
privileges or steal sensitive information. (CAN-2005-1154 CAN-2005-1155
CAN-2005-1159 CAN-2005-1160)

Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.7 to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 142390 - CAN-2004-1156 Frame injection vulnerability.
  • BZ - 144080 - CAN-2005-0585 download dialog URL spoofing
  • BZ - 145606 - CAN-2005-0142 Opened attachments are temporarily saved world-readable
  • BZ - 145607 - CAN-2005-0143 Secure site lock can be spoofed with a binary download
  • BZ - 145613 - CAN-2005-0146 Synthetic middle-click event can steal clipboard contents
  • BZ - 147397 - homograph spoofing
  • BZ - 152580 - CAN-2005-0578 Mozilla issues (CAN-2005-0232 CAN-2005-0527 CAN-2005-0231 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593)
  • BZ - 155117 - CAN-2005-0989 Multiple Mozilla issues. (CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160)

CVEs

  • CVE-2005-0593
  • CVE-2005-0591
  • CVE-2005-0590
  • CVE-2005-0588
  • CVE-2005-0586
  • CVE-2005-0585
  • CVE-2005-0584
  • CVE-2005-0578
  • CVE-2005-0527
  • CVE-2005-0401
  • CVE-2005-0233
  • CVE-2005-0232
  • CVE-2005-0231
  • CVE-2005-0146
  • CVE-2005-0143
  • CVE-2005-0142
  • CVE-2004-1156
  • CVE-2005-1157
  • CVE-2005-1156
  • CVE-2005-1155
  • CVE-2005-1154
  • CVE-2005-1153
  • CVE-2005-1160
  • CVE-2005-1159
  • CVE-2005-0989

References

(none)

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility