[IS&T Security-FYI] Mozilla Upgrades for Browser Vulnerabilities
Monique Yeaton
myeaton at MIT.EDU
Thu Dec 21 08:59:25 EST 2006
---------------------
This notice is being sent in response to Technical Cyber Security
Alert TA06-354A, December 20, 2006
Mozilla has released new versions of Firefox, Thunderbird, and
SeaMonkey to address several vulnerabilities. Upgrades Mozilla
Firefox 1.5.0.9, Mozilla Firefox 2.0.0.1, Mozilla Thunderbird
1.5.0.9, and SeaMonkey 1.0.7 address these vulnerabilities. All three
browsers automatically check for updates by default.
According to September 2006 statistics, 45% of certificates at MIT
were obtained using Firefox/Mozilla browsers. If you are using any of
these browsers, we advise to upgrade now.
Firefox 1.5.0.9
<http://www.mozilla.com/en-US/firefox/releases/1.5.0.9.html>
Firefox 2.0.0.1
<http://www.mozilla.com/en-US/firefox/>
Thunderbird 1.5.0.9
<http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.9.html>
SeaMonkey 1.0.7
<http://www.mozilla.org/projects/seamonkey/>
The vulnerabilities found could allow a remote attacker to execute
arbitrary code that could possibly affect the application. It could
also allow impersonation of a seemingly secure site and cause a
denial-of-service (DoS), making a Web page unavailable to its
intended users.
According to Mozilla, Firefox 1.5.0.x will be maintained with
security and stability updates until April 24, 2007. All users are
strongly encouraged to upgrade to Firefox 2 <http://www.mozilla.com/
en-US/firefox/>.
-----
The most recent version of this CERT advisory can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-354A.html>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715
More information about the ist-security-fyi
mailing list