The associated vulnerabilities in Mozilla Suite are described in SA14992
Release Date: 2005-04-18 Last Update: 2005-04-20
Successful exploitation may allow execution of arbitrary code, if a search is performed when the current web site runs with escalated privileges (e.g. "about:plugins" and "about:config").
Solution: Update to version 1.7.7.
Similar Firefox vulnerabilities are described in SA14938
Solution: Update to version 1.0.3
From the discussion athttp://sillydog.org/forum/viewtopic.php?t=8768
Secunia: Multiple Security Vulnerabilities
On 18 Apr, 2005 1:03 pm akbash wrote:
Can I just take the opportunity to repeat my litany that none of these vulnerabilities are fixed in any released Netscape browser? Every individual advisory I could find in the Secunia report linked to a Mozilla advisory that claimed the vulnerability had been fixed only in the very latest Mozilla releases. As we all know for the last couple of years Netscape has been simply a corporate branded version of Mozilla plus a few add-ons. I've called AOL's update record for Netscape negligent
before and I stand by that.
Again you're probably safe enough browsing with Netscape browsers today because they're an unpopular target. I think that will change as Mozilla browsers become more widely used, and because some of these recently uncovered vulnerabilities are very nasty. If I were a malware author, I'd be tantalized by this latest list. It's time to switch to Mozilla. (Or, I suppose, some other browser. I like Firefox, myself.)
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414