-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 : Mozilla Multiple Vulnerabilities
Advisory number:        SCOSA-2005.49
Issue date:             2005 November 17
Cross reference:        sr892472 fz530640 erg712747
                        sr893377 fz531629 erg712821
                        sr894499 fz532748 erg712884
                        fz533139
                        CVE-2003-0765 CVE-2004-0597 CVE-2004-0599
                        CVE-2004-0717 CVE-2004-0718 CVE-2004-0719
                        CVE-2004-0720 CVE-2004-0721 CVE-2004-0722
                        CVE-2004-0757 CVE-2004-0758 CVE-2004-0759
                        CVE-2004-0760 CVE-2004-0761 CVE-2004-0762
                        CVE-2004-0763 CVE-2004-0764 CVE-2005-0399
                        CVE-2005-0989 CVE-2005-1153 CVE-2005-1154
                        CVE-2005-1155 CVE-2005-1156 CVE-2005-1157
                        CVE-2005-1159 CVE-2005-1160 CVE-2005-1476
                        CVE-2005-1477 CVE-2005-1531 CVE-2005-1532
                        CVE-2005-2701 CVE-2005-2702 CVE-2005-2703
                        CVE-2005-2704 CVE-2005-2705 CVE-2005-2706
                        CVE-2005-2707 CVE-2005-2968
______________________________________________________________________________


1. Problem Description

        The Mozilla 1.7.12 browser in this update represents a
        significant advancement in features and fixes over the
        Mozilla 1.6 released with SCO OpenServer 5.0.7
        Maintenance Pack 3.

        For a complete list of security fixes, please see the
        following:

        http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the following names to
        these issues:

        CVE-2003-0765 CVE-2004-0597 CVE-2004-0599 CVE-2004-0717
        CVE-2004-0718 CVE-2004-0719 CVE-2004-0720 CVE-2004-0721
        CVE-2004-0722 CVE-2004-0757 CVE-2004-0758 CVE-2004-0759
        CVE-2004-0760 CVE-2004-0761 CVE-2004-0762 CVE-2004-0763
        CVE-2004-0764 CVE-2005-0399 CVE-2005-0989 CVE-2005-1153
        CVE-2005-1154 CVE-2005-1155 CVE-2005-1156 CVE-2005-1157
        CVE-2005-1159 CVE-2005-1160 CVE-2005-1476 CVE-2005-1477
        CVE-2005-1531 CVE-2005-1532 CVE-2005-2701 CVE-2005-2702
        CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706
        CVE-2005-2707 CVE-2005-2968


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7                Mozilla 1.6 distribution


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 Location of Fixed Binaries

        The fixes are only available in SCO OpenServer Release 5.0.7
        Maintenance Pack 4 or later.

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar


        4.2 Verification

        MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        See the SCO OpenServer Release 5.0.7 Maintenance Pack 4
        Release and Installation Notes:

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0765
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0717
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0719
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0720
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0721
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0757
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0759
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0762
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0764
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0989
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1153
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1154
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1155
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1156
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1157
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1476
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1531
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2701
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2702
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2704
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2705
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2706
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2707
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968
                http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr892472 fz530640
        erg712747 sr893377 fz531629 erg712821 sr894499 fz532748
        erg712884 fz533139.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDfLgdaqoBO7ipriERAn8ZAJ9sB7tdXjE6sSWZhIVomie/w9MHMQCfVk8g
gljcBsvg/s3phWRRTjqO0bM=
=q7a1
-----END PGP SIGNATURE-----
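
The check in section 4.2, written out as a script. This is an added example and not part of SCO's advisory: it reads the `MD5 (name) = digest` line from the advisory text and compares it with the digest of the downloaded file. The function names are this example's own, and it assumes one of `md5sum`, `md5` or `openssl` is installed.

```shell
#!/bin/sh
# Added example: verify a download against the "MD5 (name) = digest" line
# printed in section 4.2 of the advisory.

# Print the hex MD5 of file $1 using whichever tool is installed.
# Reading from stdin keeps file names out of the tool's output.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q < "$1"
    else
        openssl dgst -md5 < "$1" | awk '{print $NF}'
    fi
}

# Print the digest published for file name $2 in advisory text $1.
# Prints nothing unless a line has exactly the form
#   MD5 (name) = <32 hex digits>
published_md5() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == "MD5" && $2 == ("(" name ")") && $3 == "=" &&
        length($4) == 32 && tolower($4) ~ /^[0-9a-f]+$/ {
            print tolower($4); exit
        }'
}

# Return 0 if file $3 matches the digest published for name $2 in text $1,
# 1 on mismatch, 2 if no usable checksum line exists or the file is unreadable.
verify_download() {
    want=$(published_md5 "$1" "$2")
    [ -n "$want" ] || return 2
    [ -r "$3" ] || return 2
    have=$(file_md5 "$3" | tr 'A-F' 'a-f')
    [ "$have" = "$want" ]
}

# Usage with the line from section 4.2; runs only if the tarball is present.
ADVISORY_LINE='MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228'
if [ -f osr507mp4_vol.tar ]; then
    if verify_download "$ADVISORY_LINE" osr507mp4_vol.tar osr507mp4_vol.tar; then
        echo "osr507mp4_vol.tar: checksum OK"
    else
        echo "osr507mp4_vol.tar: checksum mismatch, do not install"
    fi
fi
```

The published digest sits inside the PGP-signed text, so it is only as trustworthy as the signature check on the advisory itself.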