Security Advisory mozilla security update

Advisory: RHSA-2003:163-11
Type: Security Advisory
Severity: Important
Issued on: 2003-10-15
Last updated on: 2003-10-15
Affected Products: Other
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-1308

Details

Updated Mozilla packages that fix various bugs and security issues in
previous versions of Mozilla are now available.

Mozilla is an open source Web browser.

A heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL that references a
malformed .jar file, which overflows a buffer during decompression.

These errata packages upgrade Mozilla to version 1.0.2, which is not
vulnerable to this issue. Mozilla 1.0.2 also contains a number of other
stability and security updates.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Other
SRPMS:
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     dc27a4ffca42afe0c33afca002fd5e59
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     dc27a4ffca42afe0c33afca002fd5e59
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-32:
galeon-1.2.11-0.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     b8189cde548f50be50d4fbd42327a7db
mozilla-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     9c1737d16cf21bcb70332949ccdb9e3c
mozilla-chat-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     20d836da46967ec4b8ecffbf011f008c
mozilla-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     5aa7497a2fe154512ccc2ae02123ea0c
mozilla-dom-inspector-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     cd34ba0258e2b646ac068abd9e326a3e
mozilla-js-debugger-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     38d3f5bdc37fe57d92222af1c85bacd6
mozilla-mail-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     3f1104fb84b71dcb71a7c210f8e00b30
mozilla-nspr-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     e8e65dfdb4d28c860a793fc566fd0c10
mozilla-nspr-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     2b6575a06d1cafb03c370c9049002b39
mozilla-nss-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     0698bd3a738d0732844d26c2f47a2ed2
mozilla-nss-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     439328058f47b6e877a822b1d5e001c6
mozilla-psm-1.0.2-4.2.1.i386.rpm     d58d8ee53ce5edcb743d77976a89197d
 
IA-64:
mozilla-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     6b1d60f81396ab50975de7d34a23006d
mozilla-chat-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     8075f86c12e458418e97774c9ec71a7e
mozilla-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     5f934981e542bea94c64046ce460f25d
mozilla-dom-inspector-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     888e2c4f972cd9330b8336244c82f61e
mozilla-js-debugger-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     d7a760da0f227a7196334cf63b95b7a0
mozilla-mail-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     0a80c58c8cc75953726a1bfcb8d0c827
mozilla-nspr-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     c8949bfa511ca41982511291356ed5a3
mozilla-nspr-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     0fc98adb0af6c96133883c938dc873cb
mozilla-nss-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     67e5257e18cc5da401b5555b6bc4e529
mozilla-nss-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     c437a8615fb82903d43f6b328b4c3d50
mozilla-psm-1.0.2-4.2.1.ia64.rpm     7a6be7c4357cd8ad2b80249448130fc2
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     dc27a4ffca42afe0c33afca002fd5e59
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-32:
galeon-1.2.11-0.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     b8189cde548f50be50d4fbd42327a7db
mozilla-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     9c1737d16cf21bcb70332949ccdb9e3c
mozilla-chat-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     20d836da46967ec4b8ecffbf011f008c
mozilla-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     5aa7497a2fe154512ccc2ae02123ea0c
mozilla-dom-inspector-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     cd34ba0258e2b646ac068abd9e326a3e
mozilla-js-debugger-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     38d3f5bdc37fe57d92222af1c85bacd6
mozilla-mail-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     3f1104fb84b71dcb71a7c210f8e00b30
mozilla-nspr-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     e8e65dfdb4d28c860a793fc566fd0c10
mozilla-nspr-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     2b6575a06d1cafb03c370c9049002b39
mozilla-nss-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     0698bd3a738d0732844d26c2f47a2ed2
mozilla-nss-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     439328058f47b6e877a822b1d5e001c6
mozilla-psm-1.0.2-4.2.1.i386.rpm     d58d8ee53ce5edcb743d77976a89197d
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
galeon-1.2.11-0.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     dc27a4ffca42afe0c33afca002fd5e59
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-32:
galeon-1.2.11-0.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     b8189cde548f50be50d4fbd42327a7db
mozilla-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     9c1737d16cf21bcb70332949ccdb9e3c
mozilla-chat-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     20d836da46967ec4b8ecffbf011f008c
mozilla-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     5aa7497a2fe154512ccc2ae02123ea0c
mozilla-dom-inspector-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     cd34ba0258e2b646ac068abd9e326a3e
mozilla-js-debugger-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     38d3f5bdc37fe57d92222af1c85bacd6
mozilla-mail-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     3f1104fb84b71dcb71a7c210f8e00b30
mozilla-nspr-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     e8e65dfdb4d28c860a793fc566fd0c10
mozilla-nspr-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     2b6575a06d1cafb03c370c9049002b39
mozilla-nss-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     0698bd3a738d0732844d26c2f47a2ed2
mozilla-nss-devel-1.0.2-4.2.1.i386.rpm
File outdated by:  RHSA-2006:0329		     439328058f47b6e877a822b1d5e001c6
mozilla-psm-1.0.2-4.2.1.i386.rpm     d58d8ee53ce5edcb743d77976a89197d
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
mozilla-1.0.2-4.2.1.src.rpm
File outdated by:  RHSA-2006:0329		     04d4b4bc3c87eacb7a68df7eacbea2f9
 
IA-64:
mozilla-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     6b1d60f81396ab50975de7d34a23006d
mozilla-chat-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     8075f86c12e458418e97774c9ec71a7e
mozilla-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     5f934981e542bea94c64046ce460f25d
mozilla-dom-inspector-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     888e2c4f972cd9330b8336244c82f61e
mozilla-js-debugger-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     d7a760da0f227a7196334cf63b95b7a0
mozilla-mail-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     0a80c58c8cc75953726a1bfcb8d0c827
mozilla-nspr-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     c8949bfa511ca41982511291356ed5a3
mozilla-nspr-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     0fc98adb0af6c96133883c938dc873cb
mozilla-nss-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     67e5257e18cc5da401b5555b6bc4e529
mozilla-nss-devel-1.0.2-4.2.1.ia64.rpm
File outdated by:  RHSA-2006:0329		     c437a8615fb82903d43f6b328b4c3d50
mozilla-psm-1.0.2-4.2.1.ia64.rpm     7a6be7c4357cd8ad2b80249448130fc2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

89289 - CAN-2002-1308 Mozilla still susceptible to Netscape .JAR issue


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1308
http://www.mozilla.org/releases/mozilla1.0.2/

Keywords

files, jar, netscape

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/