Mozilla Suite Multiple Remote Vulnerabilities

BID:12659

Info

Mozilla Suite Multiple Remote Vulnerabilities

Bugtraq ID: 12659
Class: Unknown
CVE: CVE-2005-0255
CVE-2005-0578
CVE-2005-0586
CVE-2005-0588
CVE-2005-0589
CVE-2005-0590
CVE-2005-0592
CVE-2005-0593
CVE-2005-0587
Remote: Yes
Local: No
Published: Feb 25 2005 12:00AM
Updated: Jan 25 2007 04:21PM
Credit: Tavis Ormandy <[email protected]>, Andreas Sanblad, Masayuki Nakano (Mozilla Japan) <[email protected]>, Georgi Guninski <[email protected]>, Matt Brubeck Daniel de Wildt, Gaël Delalleau, Phil Ringnalda <[email protected]>, wind l
Vulnerable: SGI ProPack 3.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
Redhat Linux 9.0 i386
Redhat Linux 7.3 i686
Redhat Linux 7.3 i386
Redhat Linux 7.3
Redhat Fedora Core3
Redhat Fedora Core2
Redhat Fedora Core1
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Redhat Desktop 4.0
Redhat Desktop 3.0
Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
Redhat Advanced Workstation for the Itanium Processor 2.1
Netscape Netscape 7.2
Netscape Netscape 7.1
Netscape Netscape 7.0
Mozilla Thunderbird 1.0
Mozilla Thunderbird 0.9
Mozilla Thunderbird 0.8
Mozilla Thunderbird 0.7.3
Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Thunderbird 0.6
Mozilla Firefox 1.0
+ Gentoo Linux
+ Gentoo Linux
+ S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ Slackware Linux 10.1
+ Slackware Linux 10.0
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.1
+ Slackware Linux -current
 + Slackware Linux -current
 Mozilla Firefox 0.10.1
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Browser 1.7.5
+ HP Tru64 5.1 B-2 PK4 (BL25)
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6
 + HP Tru64 5.1 A PK6
 Mozilla Browser 1.7.4
Mozilla Browser 1.7.3
+ HP HP-UX B.11.23
 + HP HP-UX B.11.22
 + HP HP-UX B.11.22
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.00
 + HP HP-UX B.11.00
 + HP Tru64 5.1 B-2 PK4 (BL25)
 + HP Tru64 5.1 B-2 PK4 (BL25)
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6
 + HP Tru64 5.1 A PK6
 Mozilla Browser 1.7.2
Mozilla Browser 1.7.1
Mozilla Browser 1.7
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux
Not Vulnerable: Netscape Netscape 8.0
Mozilla Thunderbird 1.0.1
Mozilla Firefox 1.0.1
+ Redhat Fedora Core3
 Mozilla Browser 1.7.6
+ HP HP-UX B.11.23
 + HP HP-UX B.11.23
 + HP HP-UX B.11.22
 + HP HP-UX B.11.22
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.00
 + HP HP-UX B.11.00
 + Redhat Desktop 4.0
+ Redhat Desktop 4.0
+ Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux WS 4
 + Redhat Enterprise Linux WS 4
 + Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
 + Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0

Discussion

Mozilla Suite Multiple Remote Vulnerabilities

Multiple remote vulnerabilities affect Mozilla Suite, Firefox, and Thunderbird, as reported in several Mozilla Foundation Security Advisories:

- 2005-28: An issue affecting the plugin functionality; temporary directories are created in an insecure manner.
- 2005-22: A dialog-spoofing vulnerability.
- 2005-21: A '.lnk' link file arbitrary file-overwrite vulnerability.
- 2005-20: An XSLT stylesheet information-disclosure vulnerability.
- 2005-19: An information-disclosure issue affecting the form auto-complete functionality.
- 2005-18: A buffer-overflow vulnerability.
- 2005-17: A dialog-spoofing vulnerability affecting installation confirmation.
- 2005-15: A heap-overflow vulnerability in UTF8 encoding.
- 2005-15: Multiple spoofing vulnerabilities affecting the SSL 'secure site' lock icon.

An attacker may leverage these issues to spoof dialog boxes and SSL 'secure site' icons, to carry out symbolic-link attacks, to execute arbitrary code, and to access potentially sensitive information.

Please note that this BID will be separated into individual BIDs as soon as further research into each of the vulnerabilities is completed, at which time this 'umbrella' BID will be retired.

Exploit / POC

Mozilla Suite Multiple Remote Vulnerabilities


For most of these issues, an exploit is not required to carry out an attack. For the issues that require an exploit, we are currently unaware of any. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Solution / Fix

Mozilla Suite Multiple Remote Vulnerabilities

Solution:
The vendor has released upgrades dealing with these issues. Mozilla has reported that a pending release of Mozilla Suite 1.7.6 will be released dealing with these issues in the near future. This BID will be updated upon release.

Please see the referenced advisories for further information.


Mozilla Firefox 0.10

Mozilla Firefox 0.10.1

Mozilla Thunderbird 0.6

Mozilla Thunderbird 0.7

Mozilla Thunderbird 0.7.1

Mozilla Thunderbird 0.7.2

Mozilla Thunderbird 0.7.3

Mozilla Firefox 0.8

Mozilla Thunderbird 0.8

Mozilla Firefox 0.9

Mozilla Thunderbird 0.9

Mozilla Firefox 0.9 rc

Mozilla Firefox 0.9.1

Mozilla Firefox 0.9.2

Mozilla Firefox 0.9.3

Mozilla Firefox 1.0

Mozilla Thunderbird 1.0

Mozilla Browser 1.7

Mozilla Browser 1.7.1

Mozilla Browser 1.7.2

Mozilla Browser 1.7.3

Mozilla Browser 1.7.4

Mozilla Browser 1.7.5

S.u.S.E. Linux Professional 10.0

Netscape Netscape 7.0

Netscape Netscape 7.1

Netscape Netscape 7.2

S.u.S.E. Linux Professional 9.1

S.u.S.E. Linux Professional 9.2

S.u.S.E. Linux Professional 9.3

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report