US-CERT Technical Cyber Security Alert TA08-319A -- Mozilla Updates for Multiple Vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA08-319A


Mozilla Updates for Multiple Vulnerabilities

   Original release date: November 14, 2008
   Last revised: --
   Source: US-CERT


Systems Affected

     * Mozilla Firefox
     * Mozilla Thunderbird
     * Mozilla SeaMonkey
     
     Other products based on Mozilla components may also be affected.


Overview

   New versions of Firefox, Thunderbird, and SeaMonkey address several
   vulnerabilities, the most severe of which could allow a remote
   attacker to execute arbitrary code on an affected system.


I. Description

   The Mozilla and the SeaMonkey projects have released new versions
   of Firefox, Thunderbird and SeaMonkey to address several
   vulnerabilities. Further details about these vulnerabilities are
   available in Mozilla Foundation Security Advisories. An attacker
   could exploit these vulnerabilities by convincing a user to view a
   specially crafted HTML document, such as a web page or an HTML
   email message.


II. Impact

   While the impacts of the individual vulnerabilities vary, the most
   severe could allow a remote, unauthenticated attacker to execute
   arbitrary code on a vulnerable system. An attacker may also be able
   to cause a denial of service or execute cross-site scripting
   attacks.


III. Solution

   Upgrade
   
   These vulnerabilities are addressed in  Mozilla Firefox 3.0.4,
   Firefox  2.0.0.18, Thunderbird 2.0.0.18, and SeaMonkey 1.1.13.


IV. References

 * Mozilla Foundation Security Advisories -
   <http://www.mozilla.org/security/announce/>

 * Known Vulnerabilities in Mozilla Products -
   <http://www.mozilla.org/projects/security/known-vulnerabilities.html>

 * Mozilla-Based Applications -
   <http://www.mozilla.org/projects/mozilla-based.html>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

 * NoScript Firefox Extension - <http://noscript.net/>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA08-319A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA08-319A Feedback VU#456083" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2008 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  November 14, 2008: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSR3YHHIHljM+H4irAQJMuwgAiOsps6zaDiVcoeNN3AU4ZYVTzbhj/EUP
eiM8qXdvPTrtzp/6nA5jXZha/FLaSjXakkYhySF4OvcGzQrHi3aLjbEUrS8Xd/wP
EE3y6KUThuNnwHzSs55EeV2Nyz51BgErFL1fF5Uk6Jqjg8Ki0BKaOiYtYzDgmfN0
CmfqefxtnD/CG0UCRtDJYL7WOeXhgJzvUvvw1rn2BAZGzRTpX80CitJO3Lf43f2W
Ol+PBoSlBpmvM+v0aBmf/t2hztJScclT9cV4JB3toItfc2vSclQ7LrBGpfnqRNL/
iDDUF3gODbwGLqooB4GRiK/jC+fFZ7QB4KSBsn48/5llRAbFzOdDnA==
=zSUd
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux