Search:

April 2005

HP-UX Mozilla remote, unauthorized user may execute privileged code (HPSBUX01133)

ID: 00341
Ref: 315/2005
Date: 21 April 2005:11:30:37
Version: 1

Title: HP-UX Mozilla remote, unauthorized user may execute privileged code (HPSBUX01133)
Abstract: HP have issued a Security Bulletin about recent Mozilla issues.
Vendors affected: Hewlett Packard
Operating systems affected: Hewlett Packard
Applications affected: Hewlett Packard

Title
=====

HP-UX Mozilla remote, unauthorized user may execute privileged code (HPSBUX01133)

Detail
======

HP have issued a Security Bulletin about recent Mozilla issues.
The notification can be found at:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01133

The following information is a small extract from the update:

"
VULNERABILITY SUMMARY:
A potential security vulnerability has been identified with HP-UX running Mozilla,
where a heap overflow could be exploited to allow a remote, unauthorized user to
execute privileged code.

...

AFFECTED VERSIONS

Note: To determine if a system has an affected version,
search the output of "swlist -a revision -l fileset"
for an affected fileset. Then determine if the
recommended patch or update is installed.

HP-UX B.11.00
HP-UX B.11.11
HP-UX B.11.22
HP-UX B.11.23
=============
Mozilla.MOZ-COM
action: install revision 1.7.3.02 or subsequent

END AFFECTED VERSIONS

...

RESOLUTION:
HP has made the following available to resolve the issue.
hese updates are available on http://www.hp.com/go/mozilla:

Mozilla 1.7.3.02 for HP PA-RISC 11.0, 11i v1 (11.11) and 11i v2 (11.23)
Mozilla 1.7.3.02 for HP Integrity 11.22 (11i v1.6) and HP-UX 11.23 (11i v2)