[ GLSA 200703-05 ] Mozilla Suite: Multiple vulnerabilities

[GLSA]

Gentoo Linux Security Advisory

Title: Mozilla Suite: Multiple vulnerabilities (GLSA 200703-05)
Severity: normal
Exploitable: remote
Date: March 03, 2007
Bug(s): #135257
ID: 200703-05

Synopsis


Several vulnerabilities exist in the Mozilla Suite, which is no longer
supported by the Mozilla project.


Background


The Mozilla Suite is a popular all-in-one web browser that includes a
mail and news reader.


Affected Packages

Package: www-client/mozilla
Vulnerable: <= 1.7.13
Architectures: All supported architectures

Package: www-client/mozilla-bin
Vulnerable: <= 1.7.13
Architectures: All supported architectures


Description


Several vulnerabilities ranging from code execution with elevated
privileges to information leaks affect the Mozilla Suite.


Impact


A remote attacker could entice a user to browse to a specially crafted
website or open a specially crafted mail that could trigger some of the
vulnerabilities, potentially allowing execution of arbitrary code,
denials of service, information leaks, or cross-site scripting attacks
leading to the robbery of cookies of authentication credentials.


Workaround


Most of the issues, but not all of them, can be prevented by disabling
the HTML rendering in the mail client and JavaScript on every
application.


Resolution


The Mozilla Suite is no longer supported and has been masked after some
necessary changes on all the other ebuilds which used to depend on it.
Mozilla Suite users should unmerge www-client/mozilla or
www-client/mozilla-bin, and switch to a supported product, like
SeaMonkey, Thunderbird or Firefox.