Summary
The remote host is missing updates announced in
advisory GLSA 200505-11.
Solution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=www-client/mozilla-firefox-1.0.4'
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=www-client/mozilla-firefox-bin-1.0.4'
All Mozilla Suite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.8'
All Mozilla Suite binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.8'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200505-11 http://bugs.gentoo.org/show_bug.cgi?id=91859
http://bugs.gentoo.org/show_bug.cgi?id=92393
http://bugs.gentoo.org/show_bug.cgi?id=92394
http://www.mozilla.org/security/announce/mfsa2005-43.html
Insight
Several vulnerabilities in the Mozilla Suite and Firefox allow an attacker to conduct cross-site scripting attacks or to execute arbitrary code.
Severity
Classification
-
CVE CVE-2005-1476, CVE-2005-1477 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities