[IS&T Security-FYI] Mozilla Upgrades Address Browser Vulnerabilities
Monique Yeaton
myeaton at MIT.EDU
Thu Nov 9 15:19:48 EST 2006
---------------------
This notice is being sent in response to Technical Cyber Security
Alert TA06-312A, November 8, 2006
Three security advisories have been released to report
vulnerabilities found in Mozilla web browsers. Upgrades Mozilla
Firefox 1.5.0.8, Mozilla Thunderbird 1.5.0.8, and SeaMonkey 1.0.6
address these vulnerabilities.
According to September 2006 statistics, 45% of certificates at MIT
were obtained using Firefox/Mozilla browsers. If you are using any of
these browsers, we advise to upgrade now.
Firefox 1.5.0.8
<http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html>
Thunderbird 1.5.0.8
<http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html>
SeaMonkey 1.0.6
<http://www.mozilla.org/projects/seamonkey/>
The vulnerabilities found could allow a remote attacker to execute
arbitrary code that could possibly affect the application. It could
also allow impersonation of a seemingly secure site and cause a
denial-of-service (DoS), making a Web page unavailable to its
intended users.
According to Mozilla, Firefox 1.5.0.x will be maintained with
security and stability updates until April 24, 2007. All users are
strongly encouraged to upgrade to Firefox 2 <http://www.mozilla.com/
en-US/firefox/>.
-----
The most recent version of this CERT advisory can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-312A.html>
References:
* Vulnerability Note VU#714496 -
<http://www.kb.cert.org/vuls/id/714496>
* Vulnerability Note VU#335392 -
<http://www.kb.cert.org/vuls/id/335392>
* Vulnerability Note VU#815432 -
<http://www.kb.cert.org/vuls/id/815432>
* Vulnerability Note VU#390480 -
<http://www.kb.cert.org/vuls/id/390480>
* Vulnerability Note VU#495288 -
<http://www.kb.cert.org/vuls/id/495288>
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>
* Known Vulnerabilities in Mozilla Products -
<http://www.mozilla.org/projects/security/known-
vulnerabilities.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/
browser_security.html#Mozilla_Firefox>
* Mozilla Hall of Fame -
<http://www.mozilla.org/university/HOF.html>
* Site Controls -
<http://browser.netscape.com/ns8/help/options-site.jsp>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20061109/ca70fbd8/attachment.htm
More information about the ist-security-fyi
mailing list