Versions of Mozilla previous to version 1.0.1 contain various security vulnerabilities. These vulnerabilities could be used by an attacker to read data off of the local hard drive, to gain information that should normally be kept private, and in some cases to execute arbitrary code.
Ugh. I'm guessing that this is the same exploit that resulted in RHSA-2002:192 (for RHL). I should have guessed that we needed to push new packages for 2.1AS. FWIW, the 7.2 {galeon,gdk-pixbuf*,mozilla} packages freshen against 2.1AS without issue, though I haven't really done any functional verification or tried a source rebuild.
Errata is in the works.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2003-046.html