[IS&T Security-FYI] Mozilla Upgrades Address Browser Vulnerabilities

Monique Yeaton myeaton at MIT.EDU
Thu Nov 9 15:19:48 EST 2006 

---------------------

This notice is being sent in response to Technical Cyber Security  
Alert TA06-312A, November 8, 2006

Three security advisories have been released to report  
vulnerabilities found in Mozilla web browsers. Upgrades Mozilla  
Firefox 1.5.0.8, Mozilla Thunderbird 1.5.0.8, and SeaMonkey 1.0.6  
address these vulnerabilities.

According to September 2006 statistics, 45% of certificates at MIT  
were obtained using Firefox/Mozilla browsers. If you are using any of  
these browsers, we advise to upgrade now.

Firefox 1.5.0.8
<http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html>

Thunderbird 1.5.0.8
<http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html>

SeaMonkey 1.0.6
<http://www.mozilla.org/projects/seamonkey/>

The vulnerabilities found could allow a remote attacker to execute  
arbitrary code that could possibly affect the application. It could  
also allow impersonation of a seemingly secure site and cause a  
denial-of-service (DoS), making a Web page unavailable to its  
intended users.

According to Mozilla, Firefox 1.5.0.x will be maintained with  
security and stability updates until April 24, 2007. All users are  
strongly encouraged to upgrade to Firefox 2 <http://www.mozilla.com/ 
en-US/firefox/>.

-----

The most recent version of this CERT advisory can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-312A.html>

References:

      * Vulnerability Note VU#714496 -
        <http://www.kb.cert.org/vuls/id/714496>

      * Vulnerability Note VU#335392 -
        <http://www.kb.cert.org/vuls/id/335392>

      * Vulnerability Note VU#815432 -
        <http://www.kb.cert.org/vuls/id/815432>

      * Vulnerability Note VU#390480 -
        <http://www.kb.cert.org/vuls/id/390480>

      * Vulnerability Note VU#495288 -
        <http://www.kb.cert.org/vuls/id/495288>

      * Mozilla Foundation Security Advisories -
        <http://www.mozilla.org/security/announce/>

      * Known Vulnerabilities in Mozilla Products -
        <http://www.mozilla.org/projects/security/known- 
vulnerabilities.html>

      * Securing Your Web Browser -
        <http://www.us-cert.gov/reading_room/securing_browser/ 
browser_security.html#Mozilla_Firefox>

      * Mozilla Hall of Fame -
        <http://www.mozilla.org/university/HOF.html>

      * Site Controls -
        <http://browser.netscape.com/ns8/help/options-site.jsp>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20061109/ca70fbd8/attachment.htm

More information about the ist-security-fyi mailing list