From security@sco.com Thu Nov 17 12:38:06 2005
From: security@sco.com
To: security-announce@list.sco.com
Date: Thu, 17 Nov 2005 12:30:30 -0500 (EST)
Subject: [Full-disclosure] SCOSA-2005.49 OpenServer 5.0.7 : Mozilla Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 			SCO Security Advisory

Subject:		OpenServer 5.0.7 : Mozilla Multiple Vulnerabilities
Advisory number:	SCOSA-2005.49
Issue date:		2005 November 17
Cross reference:	sr892472 fz530640 erg712747
 			sr893377 fz531629 erg712821
 			sr894499 fz532748 erg712884 fz533139
 			CVE-2003-0765 CVE-2004-0597 CVE-2004-0599
 			CVE-2004-0717 CVE-2004-0718 CVE-2004-0719
 			CVE-2004-0720 CVE-2004-0721 CVE-2004-0722
 			CVE-2004-0757 CVE-2004-0758 CVE-2004-0759
 			CVE-2004-0760 CVE-2004-0761 CVE-2004-0762
 			CVE-2004-0763 CVE-2004-0764 CVE-2005-0399
 			CVE-2005-0989 CVE-2005-1153 CVE-2005-1154
 			CVE-2005-1155 CVE-2005-1156 CVE-2005-1157
 			CVE-2005-1159 CVE-2005-1160 CVE-2005-1476
 			CVE-2005-1477 CVE-2005-1531 CVE-2005-1532
 			CVE-2005-2701 CVE-2005-2702 CVE-2005-2703
 			CVE-2005-2704 CVE-2005-2705 CVE-2005-2706
 			CVE-2005-2707 CVE-2005-2968
______________________________________________________________________________


1. Problem Description

 	The Mozilla 1.7.12 browser in this update represents a
 	significant advancement in features and fixes over the Mozilla
 	1.6 released with SCO OpenServer 5.0.7 Maintenance Pack 3.

 	For a complete list of security fixes, please see the following:

 	http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the following names to these issues:

 	CVE-2003-0765 CVE-2004-0597 CVE-2004-0599 CVE-2004-0717
 	CVE-2004-0718 CVE-2004-0719 CVE-2004-0720 CVE-2004-0721
 	CVE-2004-0722 CVE-2004-0757 CVE-2004-0758 CVE-2004-0759
 	CVE-2004-0760 CVE-2004-0761 CVE-2004-0762 CVE-2004-0763
 	CVE-2004-0764 CVE-2005-0399 CVE-2005-0989 CVE-2005-1153
 	CVE-2005-1154 CVE-2005-1155 CVE-2005-1156 CVE-2005-1157
 	CVE-2005-1159 CVE-2005-1160 CVE-2005-1476 CVE-2005-1477
 	CVE-2005-1531 CVE-2005-1532 CVE-2005-2701 CVE-2005-2702
 	CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706
 	CVE-2005-2707 CVE-2005-2968


2. Vulnerable Supported Versions

 	System				Binaries
 	----------------------------------------------------------------------
 	OpenServer 5.0.7 		Mozilla 1.6 distribution


3. Solution

 	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

 	4.1 Location of Fixed Binaries

 	The fixes are only available in SCO OpenServer Release 5.0.7
 	Maintenance Pack 4 or later.

 	ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar


 	4.2 Verification

 	MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	4.3 Installing Fixed Binaries

 	See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
 	and Installation Notes:

 	ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm


5. References

 	Specific references for this advisory:
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0765
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0717
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0719
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0720
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0721
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0757
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0759
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0762
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0764
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0989
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1153
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1154
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1155
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1156
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1157
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1476
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1531
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2701
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2702
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2704
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2705
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2706
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2707
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968
 		http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

 	SCO security resources:
 		http://www.sco.com/support/security/index.html

 	SCO security advisories via email:
 		http://www.sco.com/support/forums/security.html

 	This security fix closes SCO incidents sr892472 fz530640
 	erg712747 sr893377 fz531629 erg712821 sr894499 fz532748
 	erg712884 fz533139.


6. Disclaimer

 	SCO is not responsible for the misuse of any of the information
 	we provide on this website and/or through our security
 	advisories. Our advisories are a service to our customers
 	intended to promote secure installation and use of SCO
 	products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDfLgdaqoBO7ipriERAn8ZAJ9sB7tdXjE6sSWZhIVomie/w9MHMQCfVk8g
gljcBsvg/s3phWRRTjqO0bM=
=q7a1
-----END PGP SIGNATURE-----
