You are here

RHN Errata Alert: Updated Mozilla packages fix a security issue

AlbLinux's picture

RHN Errata Alert: Updated Mozilla packages fix a security issue
Security Advisory - RHSA-2002:079-13
Complete information about this errata can be found at the following location:
https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1074

RHN Errata Alert: Updated Mozilla packages fix a security issueSummary:
Updated Mozilla packages fix a security issue

Updated packages are available which fix a security issue in Mozilla.

Description:
One component of the XML Extras package in Mozilla 0.9.9 and earlier allows remote attackers to read arbitrary files and list directories on a client system. This exploit is performed by opening a
URL
that redirects the browser to the file on the client and reading the results using the responseText property.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0354 to this issue.

Users of Mozilla are advised to upgrade to these errata packages which
have
been patched and are not vulnerable to this issue.

References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0354
http://sec.greymagic.com/adv/gm001-ns/
http://bugzilla.mozilla.org/show_bug.cgi?id=141061
------------------------------------------------------------------------------

-------------
Taking Action
-------------
You may address the issues outlined in this advisory in two ways:

- select your server name by clicking on its name from the list
available at the following location, and then schedule an
errata update for it:
https://rhn.redhat.com/network/systemlist/system_list.pxt

- run the Update Agent on each affected server.

---------------------------------
Changing Notification Preferences
---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.

URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt

You can also enable/disable notification on a per system basis by selecting an individual system from the "Systems List". From the individual system view click the "Details" tab.