| VID |
28653 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Mozilla or Firefox or Thunderbird which includes various problems is installed on the relevant host. Mozilla is an open-source based Web browser, developed by the Mozilla project. Mozilla Firefox versions prior to 1.0.1, Mozilla versions prior to 1.7.3, Thunderbird versions prior to 1.0.1, and Mozilla Suite versions prior to 1.7.6 are vulnerable to various security issues. These issues can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user's system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://secunia.com/advisories/14407/
http://secunia.com/advisories/14163/
http://www.mozilla.org/security/announce/mfsa2005-28.html
http://www.mozilla.org/security/announce/mfsa2005-24.html
http://www.mozilla.org/security/announce/mfsa2005-21.html
http://www.mozilla.org/security/announce/mfsa2005-20.html
http://www.mozilla.org/security/announce/mfsa2005-19.html
http://www.mozilla.org/security/announce/mfsa2005-18.html
http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities&flashstatus=false
http://www.mozilla.org/security/announce/mfsa2005-17.html
http://www.mozilla.org/security/announce/mfsa2005-15.html
http://www.mozilla.org/security/announce/mfsa2005-14.html
* Platforms Affected:
Mozilla Project, Firefox versions prior to 1.0.1
Mozilla Project, Mozilla versions prior to 1.7.6
Mozilla Project, Thunderbird versions prior to 1.0.1
Mozilla Project, Mozilla Suite versions prior to 1.7.6
Linux Any version
Unix Any version
Microsoft Windows Any version |
| Recommendation |
For Firefox:
Upgrade to the latest version of Firefox (1.0.1 or later), available from the Mozilla Firefox Download Web page at http://www.mozilla.org/products/firefox/
For Mozilla:
Upgrade to the latest version of Mozilla (1.7.6 or later), when it becomes available from the Mozilla CVS Repository Web site at http://www.mozilla.org/cvs.html
For Thunderbird:
Upgrade to the latest version of Thunderbird (1.0.1 or later), when it becomes available from the Mozilla CVS Repository Web site at http://www.mozilla.org/cvs.html
For Mozilla Suite:
Upgrade to the latest version of Mozilla Suite (1.7.6 or later), available from the Mozilla Suite Download Web page at http://www.mozilla.org/products/mozilla1.x/ |
| Related URL |
CVE-2005-0255,CVE-2005-0578,CVE-2005-0584,CVE-2005-0587,CVE-2005-0588,CVE-2005-0589,CVE-2005-0590,CVE-2005-0592,CVE-2005-0593 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
19522 (ISS) |
|
