ChuckzBlog
Designed to inform, to encourage, to entertain and to stimulate your imaginations. Enjoy!

US-CERT Cyber Security Alert SA06-354A -- Mozilla Addresses Multiple Vulnerabilities

Thursday, December 21, 2006
National Cyber Alert System

Cyber Security Alert SA06-354A


Mozilla Addresses Multiple Vulnerabilities

Original release date: December 20, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Mozilla Firefox
* Mozilla Thunderbird
* Mozilla SeaMonkey
* Netscape Browser

Other products based on Mozilla components may also be affected.


Overview

Mozilla Firefox, Thunderbird, and derived products contain
several vulnerabilities. By taking advantage of one or more of
these vulnerabilities, an attacker may be able to take control of
your computer.


Solution

Upgrade to the latest versions of Firefox, Thunderbird, and
SeaMonkey

Mozilla has released Firefox 1.5.0.9, Firefox 2.0.0.1,
Thunderbird 1.5.0.9 and SeaMonkey 1.0.7 to correct these
problems. Mozilla Firefox, Thunderbird, and SeaMonkey
automatically check for updates by default.

Security updates for Firefox 1.5 are scheduled to end in April
2007. According to Mozilla:

Firefox 1.5.0.x will be maintained with security and stability
updates until April 24, 2007. All users are strongly encouraged
to upgrade to Firefox 2.

Disable JavaScript and Java

These vulnerabilities can be mitigated by disabling JavaScript
and Java. For more information about configuring Firefox, please
see the "Securing Your Web Browser" document. Netscape users
should see the "Site Controls" document for details. Thunderbird
disables JavaScript and Java by default.


Description

Mozilla products, including the Firefox web browser and
Thunderbird email application, contain a number of
vulnerabilities. These vulnerabilities may allow an attacker to
access your computer, run programs that could cause your computer
to crash, or gain control of your computer. An attacker could
exploit these vulnerabilities by convincing you to visit a web
site or read an HTML formatted email message.

For more technical information, please see US-CERT Technical
Alert TA06-354A.


References

* US-CERT Technical Alert TA06-354A -
<http://www.us-cert.gov/cas/techalerts/TA06-354A.html>

* US-CERT Vulnerability Notes -
<http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_2006121

9>

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/browser_secu

rity.html#Mozilla_Firefox>

* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>

* Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>

* Thunderbird - Reclaim your inbox -
<http://www.mozilla.com/thunderbird/>

* The SeaMonkey Project -
<http://www.mozilla.org/projects/seamonkey/>

* Mozilla Hall of Fame -
<http://www.mozilla.org/university/HOF.html>

* Site Controls -
<http://browser.netscape.com/ns8/help/options-site.jsp>


____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/alerts/SA06-354A.html>
____________________________________________________________________

Feedback can be directed to US-CERT. Please send email to
<cert@cert.org> with "SA06-354A Feedback VU#606260" in the subject.
____________________________________________________________________

Mailing list information:

<http://www.us-cert.gov/cas/>
____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________


Revision History

December 20, 2006: Initial release

Thursday, December 21, 2006 :: ::
<< Home
Chuck :: permalink


contact
Previously
links
credits
blogroll