<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">---------------------<DIV><BR class="khtml-block-placeholder"></DIV><DIV>This notice is being sent in response to Technical Cyber Security Alert TA06-312A, November 8, 2006</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Three security advisories have been released to report vulnerabilities found in Mozilla web browsers. Upgrades Mozilla Firefox 1.5.0.8, Mozilla Thunderbird 1.5.0.8, and SeaMonkey 1.0.6 address these vulnerabilities. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>According to September 2006 statistics, 45% of certificates at MIT were obtained using Firefox/Mozilla browsers. If you are using any of these browsers, we advise to upgrade now.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Firefox 1.5.0.8 </DIV><DIV><<A href="http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html">http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Thunderbird 1.5.0.8 </DIV><DIV><<A href="http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html">http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>SeaMonkey 1.0.6 </DIV><DIV><<A href="http://www.mozilla.org/projects/seamonkey/">http://www.mozilla.org/projects/seamonkey/</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The vulnerabilities found could allow a remote attacker to execute arbitrary code that could possibly affect the application. It could also allow impersonation of a seemingly secure site and cause a denial-of-service (DoS), making a Web page unavailable to its intended users. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>According to Mozilla, Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2 <<A href="http://www.mozilla.com/en-US/firefox/">http://www.mozilla.com/en-US/firefox/</A>>.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>-----</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The most recent version of this CERT advisory can be found at:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><<A href="http://www.us-cert.gov/cas/techalerts/TA06-312A.html">http://www.us-cert.gov/cas/techalerts/TA06-312A.html</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>References:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Vulnerability Note VU#714496 -</DIV><DIV> <<A href="http://www.kb.cert.org/vuls/id/714496">http://www.kb.cert.org/vuls/id/714496</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Vulnerability Note VU#335392 -</DIV><DIV> <<A href="http://www.kb.cert.org/vuls/id/335392">http://www.kb.cert.org/vuls/id/335392</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Vulnerability Note VU#815432 -</DIV><DIV> <<A href="http://www.kb.cert.org/vuls/id/815432">http://www.kb.cert.org/vuls/id/815432</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Vulnerability Note VU#390480 -</DIV><DIV> <<A href="http://www.kb.cert.org/vuls/id/390480">http://www.kb.cert.org/vuls/id/390480</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Vulnerability Note VU#495288 -</DIV><DIV> <<A href="http://www.kb.cert.org/vuls/id/495288">http://www.kb.cert.org/vuls/id/495288</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Mozilla Foundation Security Advisories -</DIV><DIV> <<A href="http://www.mozilla.org/security/announce/">http://www.mozilla.org/security/announce/</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Known Vulnerabilities in Mozilla Products -</DIV><DIV> <<A href="http://www.mozilla.org/projects/security/known-vulnerabilities.html">http://www.mozilla.org/projects/security/known-vulnerabilities.html</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Securing Your Web Browser -</DIV><DIV> <<A href="http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox">http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Mozilla Hall of Fame -</DIV><DIV> <<A href="http://www.mozilla.org/university/HOF.html">http://www.mozilla.org/university/HOF.html</A>></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV> * Site Controls -</DIV><DIV> <<A href="http://browser.netscape.com/ns8/help/options-site.jsp">http://browser.netscape.com/ns8/help/options-site.jsp</A>></DIV><DIV><BR></DIV><BR><BR><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV>Monique Yeaton</DIV><DIV>IT Security Awareness Consultant</DIV><DIV>MIT Information Services & Technology (IS&T)</DIV><DIV>N42-040, tel: (617) 253-2715</DIV><DIV><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN></SPAN> </DIV><BR></BODY></HTML>