Mozilla Products Contain Multiple Vulnerabilities

newhouse1390 · 11-09-2006, 05:50 PM

National Cyber Alert System

Cyber Security Alert SA06-312A

Mozilla Products Contain Multiple Vulnerabilities

Original release date: November 8, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Mozilla Firefox web browser
* Mozilla SeaMonkey web browser
* Mozilla Thunderbird email application
* Netscape web browser

Any products based on Mozilla components may also be affected.

Overview

The Mozilla web browser and derived products contain several
vulnerabilities. By taking advantage of one or more of these
vulnerabilities, an attacker may be able to take control of your
computer.

Solution

Upgrade to the latest versions of Firefox, Thunderbird, and SeaMonkey

Mozilla has released Firefox 1.5.0.8, Thunderbird 1.5.0.8 and
SeaMonkey 1.0.6 to correct these problems.

According to Mozilla:

Firefox 1.5.0.x will be maintained with security and stability
updates until April 24, 2007. All users are strongly encouraged to
upgrade to Firefox 2.

Netscape users should disable JavaScript as specified in the
Netscape Site Controls web page.

Description

Mozilla products, including the Firefox web browser and Thunderbird
email application, contain a number of vulnerabilities. These
vulnerabilities may allow an attacker to access your computer, run
programs that could cause your computer to crash, or gain control
of your computer.

For more technical information, see US-CERT Technical Alert
TA06-312A.

References

* US-CERT Vulnerability Notes Related to November Mozilla Security
Advisories -
<http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_1508>

* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>

* Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>

* Thunderbird - Reclaim your inbox -
<http://www.mozilla.com/thunderbird/>

* The SeaMonkey Project -
<http://www.mozilla.org/projects/seamonkey/>

* Site Controls -
<http://browser.netscape.com/ns8/help/options-site.jsp>

**carsey** · 11-10-2006, 09:25 AM

Quote:

Originally Posted by newhouse1390

Upgrade to the latest versions of Firefox, Thunderbird, and SeaMonkey

Mozilla has released Firefox 1.5.0.8, Thunderbird 1.5.0.8 and
SeaMonkey 1.0.6 to correct these problems.

Firefox 2.0 is out now and firefox 1.5.08 was released months ago.

Quote:

Description

Mozilla products, including the Firefox web browser and Thunderbird
email application, contain a number of vulnerabilities. These
vulnerabilities may allow an attacker to access your computer, run
programs that could cause your computer to crash, or gain control
of your computer.

Yet firefox is one of the safest browsers around. Hackers are more likely to go to IE as many many people use it and basically the hackers have half the world, or more.

newhouse1390 · 11-10-2006, 01:21 PM

Sorry for the mis-information, I thought I would pass this along. There is a newly discovered vulnerability affecting Mozilla products I will attempt to research that.

It was not my intention to attack the Mozilla products by saying they have some vulnerabilities. However a vulnerability is what it is, while statistics suggest most hackers would attempt to exploit IE vulnerabilities, their plan B would be to attack Mozilla products as well as many other third party softwares. It is important to take any vulnerability and assess how that affects your organization and come up with a plan to mitigate the problem/risk.

newhouse1390 · 11-10-2006, 01:26 PM

The vulnerability is only affecting users who use versions prior to 2.0. All users are encouraged to upgrade to v2.0.

Quote:

Firefox 1.5.0.x will be maintained with security and stability
updates until April 24, 2007. All users are strongly encouraged to
upgrade to Firefox 2.

**carsey** · 11-10-2006, 01:27 PM

I think Firefox will prompt for a update, not too sure now... was along time ago since it got FF2.0

11-09-2006, 05:50 PM	#1 (permalink)
newhouse1390 Member, Networking Team Join Date: Jan 2005 Location: Ohio Posts: 1,040 OS: Windows Server 2003	Mozilla Products Contain Multiple Vulnerabilities National Cyber Alert System Cyber Security Alert SA06-312A Mozilla Products Contain Multiple Vulnerabilities Original release date: November 8, 2006 Last revised: -- Source: US-CERT Systems Affected * Mozilla Firefox web browser * Mozilla SeaMonkey web browser * Mozilla Thunderbird email application * Netscape web browser Any products based on Mozilla components may also be affected. Overview The Mozilla web browser and derived products contain several vulnerabilities. By taking advantage of one or more of these vulnerabilities, an attacker may be able to take control of your computer. Solution Upgrade to the latest versions of Firefox, Thunderbird, and SeaMonkey Mozilla has released Firefox 1.5.0.8, Thunderbird 1.5.0.8 and SeaMonkey 1.0.6 to correct these problems. According to Mozilla: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2. Netscape users should disable JavaScript as specified in the Netscape Site Controls web page. Description Mozilla products, including the Firefox web browser and Thunderbird email application, contain a number of vulnerabilities. These vulnerabilities may allow an attacker to access your computer, run programs that could cause your computer to crash, or gain control of your computer. For more technical information, see US-CERT Technical Alert TA06-312A. References * US-CERT Vulnerability Notes Related to November Mozilla Security Advisories - <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_1508> * Mozilla Foundation Security Advisories - <http://www.mozilla.org/security/announce/> * Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/> * Thunderbird - Reclaim your inbox - <http://www.mozilla.com/thunderbird/> * The SeaMonkey Project - <http://www.mozilla.org/projects/seamonkey/> * Site Controls - <http://browser.netscape.com/ns8/help/options-site.jsp> __________________ Because you can read this thank a teacher, because it's English thank a soldier.

11-10-2006, 01:21 PM	#3 (permalink)
newhouse1390 Member, Networking Team Join Date: Jan 2005 Location: Ohio Posts: 1,040 OS: Windows Server 2003	Sorry for the mis-information, I thought I would pass this along. There is a newly discovered vulnerability affecting Mozilla products I will attempt to research that. It was not my intention to attack the Mozilla products by saying they have some vulnerabilities. However a vulnerability is what it is, while statistics suggest most hackers would attempt to exploit IE vulnerabilities, their plan B would be to attack Mozilla products as well as many other third party softwares. It is important to take any vulnerability and assess how that affects your organization and come up with a plan to mitigate the problem/risk. __________________ Because you can read this thank a teacher, because it's English thank a soldier.

11-10-2006, 01:27 PM	#5 (permalink)
carsey Moderator, TSF Articles Join Date: Aug 2006 Location: Hunwick, Co. Durham England Posts: 10,693 OS: XP Pro SP3 My System	I think Firefox will prompt for a update, not too sure now... was along time ago since it got FF2.0 __________________ Submit New Articles Here