RHSA-2005_277
Vulnerability from csaf_redhat - Published: 2005-03-04 09:22 - Updated: 2005-03-04 00:00Summary
Red Hat Security Advisory: mozilla security update
Notes
Topic
Updated mozilla packages that fix a buffer overflow issue are now available.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
A bug was found in the Mozilla string handling functions. If a malicious
website is able to exhaust a system's memory, it becomes possible to
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0255 to this issue.
Please note that other security issues have been found that affect Mozilla.
These other issues have a lower severity, and are therefore planned to be
released as additional security updates in the future.
Users of Mozilla should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated mozilla packages that fix a buffer overflow issue are now available.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla is an open source Web browser, advanced email and newsgroup client,\nIRC chat client, and HTML editor.\n\nA bug was found in the Mozilla string handling functions. If a malicious\nwebsite is able to exhaust a system\u0027s memory, it becomes possible to\nexecute arbitrary code. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2005-0255 to this issue.\n\nPlease note that other security issues have been found that affect Mozilla.\nThese other issues have a lower severity, and are therefore planned to be\nreleased as additional security updates in the future.\n\nUsers of Mozilla should upgrade to these updated packages, which contain a\nbackported patch and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:277",
"url": "https://access.redhat.com/errata/RHSA-2005:277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.mozilla.org/security/announce/mfsa2005-18.html",
"url": "http://www.mozilla.org/security/announce/mfsa2005-18.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2005/rhsa-2005_277.json"
}
],
"title": "Red Hat Security Advisory: mozilla security update",
"tracking": {
"current_release_date": "2005-03-04T00:00:00Z",
"generator": {
"date": "2023-06-30T19:14:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2005:277",
"initial_release_date": "2005-03-04T09:22:00Z",
"revision_history": [
{
"date": "2005-03-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "Red Hat Enterprise Linux"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-0255",
"discovery_date": "2005-02-28T00:00:00Z",
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617509"
}
],
"notes": [
{
"category": "description",
"text": "String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-0255",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0255"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0255",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0255"
},
{
"category": "external",
"summary": "CVE-2005-0255",
"url": "https://access.redhat.com/security/cve/CVE-2005-0255"
},
{
"category": "external",
"summary": "bz#1617509: CVE-2005-0255 security flaw",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617509"
}
],
"release_date": "2005-02-28T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"Red Hat Enterprise Linux"
],
"url": "https://access.redhat.com/errata/RHSA-2005:277"
}
],
"threats": [
{
"category": "impact",
"date": "2005-02-28T00:00:00Z",
"details": "Important"
}
],
"title": "CVE-2005-0255 security flaw"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…