Skip to navigation

Security Advisory mozilla security update

Advisory: RHSA-2003:163-11
Type: Security Advisory
Severity: Important
Issued on: 2003-10-15
Last updated on: 2003-10-15
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2002-1308

Details

Updated Mozilla packages that fix various bugs and security issues in
previous versions of Mozilla are now available.

Mozilla is an open source Web browser.

A heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL that references a
malformed .jar file, which overflows a buffer during decompression.

These errata packages upgrade Mozilla to version 1.0.2, which is not
vulnerable to this issue. Mozilla 1.0.2 also contains a number of other
stability and security updates.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: dc27a4ffca42afe0c33afca002fd5e59
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: dc27a4ffca42afe0c33afca002fd5e59
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-32:
galeon-1.2.11-0.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: b8189cde548f50be50d4fbd42327a7db
mozilla-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 9c1737d16cf21bcb70332949ccdb9e3c
mozilla-chat-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 20d836da46967ec4b8ecffbf011f008c
mozilla-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 5aa7497a2fe154512ccc2ae02123ea0c
mozilla-dom-inspector-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: cd34ba0258e2b646ac068abd9e326a3e
mozilla-js-debugger-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 38d3f5bdc37fe57d92222af1c85bacd6
mozilla-mail-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 3f1104fb84b71dcb71a7c210f8e00b30
mozilla-nspr-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: e8e65dfdb4d28c860a793fc566fd0c10
mozilla-nspr-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 2b6575a06d1cafb03c370c9049002b39
mozilla-nss-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 0698bd3a738d0732844d26c2f47a2ed2
mozilla-nss-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 439328058f47b6e877a822b1d5e001c6
ftp://updates.redhat.com/rhn/repository/NULL/mozilla-psm/1.0.2-4.2.1/i386/mozilla-psm-1.0.2-4.2.1.i386.rpm
Missing file
    MD5: d58d8ee53ce5edcb743d77976a89197d
 
IA-64:
mozilla-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 6b1d60f81396ab50975de7d34a23006d
mozilla-chat-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 8075f86c12e458418e97774c9ec71a7e
mozilla-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 5f934981e542bea94c64046ce460f25d
mozilla-dom-inspector-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 888e2c4f972cd9330b8336244c82f61e
mozilla-js-debugger-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: d7a760da0f227a7196334cf63b95b7a0
mozilla-mail-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 0a80c58c8cc75953726a1bfcb8d0c827
mozilla-nspr-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: c8949bfa511ca41982511291356ed5a3
mozilla-nspr-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 0fc98adb0af6c96133883c938dc873cb
mozilla-nss-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 67e5257e18cc5da401b5555b6bc4e529
mozilla-nss-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: c437a8615fb82903d43f6b328b4c3d50
ftp://updates.redhat.com/rhn/repository/NULL/mozilla-psm/1.0.2-4.2.1/ia64/mozilla-psm-1.0.2-4.2.1.ia64.rpm
Missing file
    MD5: 7a6be7c4357cd8ad2b80249448130fc2
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: dc27a4ffca42afe0c33afca002fd5e59
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: dc27a4ffca42afe0c33afca002fd5e59
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-32:
galeon-1.2.11-0.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: b8189cde548f50be50d4fbd42327a7db
mozilla-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 9c1737d16cf21bcb70332949ccdb9e3c
mozilla-chat-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 20d836da46967ec4b8ecffbf011f008c
mozilla-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 5aa7497a2fe154512ccc2ae02123ea0c
mozilla-dom-inspector-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: cd34ba0258e2b646ac068abd9e326a3e
mozilla-js-debugger-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 38d3f5bdc37fe57d92222af1c85bacd6
mozilla-mail-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 3f1104fb84b71dcb71a7c210f8e00b30
mozilla-nspr-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: e8e65dfdb4d28c860a793fc566fd0c10
mozilla-nspr-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 2b6575a06d1cafb03c370c9049002b39
mozilla-nss-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 0698bd3a738d0732844d26c2f47a2ed2
mozilla-nss-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 439328058f47b6e877a822b1d5e001c6
ftp://updates.redhat.com/rhn/repository/NULL/mozilla-psm/1.0.2-4.2.1/i386/mozilla-psm-1.0.2-4.2.1.i386.rpm
Missing file
    MD5: d58d8ee53ce5edcb743d77976a89197d
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: dc27a4ffca42afe0c33afca002fd5e59
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: dc27a4ffca42afe0c33afca002fd5e59
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-32:
galeon-1.2.11-0.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: b8189cde548f50be50d4fbd42327a7db
mozilla-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 9c1737d16cf21bcb70332949ccdb9e3c
mozilla-chat-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 20d836da46967ec4b8ecffbf011f008c
mozilla-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 5aa7497a2fe154512ccc2ae02123ea0c
mozilla-dom-inspector-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: cd34ba0258e2b646ac068abd9e326a3e
mozilla-js-debugger-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 38d3f5bdc37fe57d92222af1c85bacd6
mozilla-mail-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 3f1104fb84b71dcb71a7c210f8e00b30
mozilla-nspr-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: e8e65dfdb4d28c860a793fc566fd0c10
mozilla-nspr-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 2b6575a06d1cafb03c370c9049002b39
mozilla-nss-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 0698bd3a738d0732844d26c2f47a2ed2
mozilla-nss-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329
    MD5: 439328058f47b6e877a822b1d5e001c6
ftp://updates.redhat.com/rhn/repository/NULL/mozilla-psm/1.0.2-4.2.1/i386/mozilla-psm-1.0.2-4.2.1.i386.rpm
Missing file
    MD5: d58d8ee53ce5edcb743d77976a89197d
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329
    MD5: 04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-64:
mozilla-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 6b1d60f81396ab50975de7d34a23006d
mozilla-chat-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 8075f86c12e458418e97774c9ec71a7e
mozilla-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 5f934981e542bea94c64046ce460f25d
mozilla-dom-inspector-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 888e2c4f972cd9330b8336244c82f61e
mozilla-js-debugger-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: d7a760da0f227a7196334cf63b95b7a0
mozilla-mail-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 0a80c58c8cc75953726a1bfcb8d0c827
mozilla-nspr-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: c8949bfa511ca41982511291356ed5a3
mozilla-nspr-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 0fc98adb0af6c96133883c938dc873cb
mozilla-nss-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: 67e5257e18cc5da401b5555b6bc4e529
mozilla-nss-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329
    MD5: c437a8615fb82903d43f6b328b4c3d50
ftp://updates.redhat.com/rhn/repository/NULL/mozilla-psm/1.0.2-4.2.1/ia64/mozilla-psm-1.0.2-4.2.1.ia64.rpm
Missing file
    MD5: 7a6be7c4357cd8ad2b80249448130fc2
 

Bugs fixed (see bugzilla for more information)

89289 - CAN-2002-1308 Mozilla still susceptible to Netscape .JAR issue


References


Keywords

files, jar, netscape


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/