|
List Info
Thread: Fw: US-CERT Cyber Security Alert SA08-087A -- Mozilla Updates for Multiple Vulnerabilities
|
|
| Fw: US-CERT Cyber Security Alert
SA08-087A -- Mozilla Updates for
Multiple Vulnerabilities |
 
United States |
2008-03-28 14:21:56 |
|
----- Original Message -----
Sent: Thursday, March 27, 2008 3:52 PM
Subject: US-CERT Cyber Security Alert SA08-087A -- Mozilla Updates
for Multiple Vulnerabilities
-----BEGI N PGP SIGNED MESSAGE-----
Hash:
SHA1
National Cyber Alert System
Cyber Security Alert SA08-087A
Mozilla Updates
for Multiple Vulnerabilities
Original release date: March
27, 2008
; Last revised: --
Source:
US-CERT
Systems Affected
; * Mozilla
Firefox
; * Mozilla
Thunderbird
* Seamonkey
Other
products based on Mozilla components may also be
affected.
Overview
Mozilla Firefox,
Thunderbird, and derived products contain several
vulnerabilities. By taking advantage of one
or more of these
vulnerabilities, ;
an attacker may be able to take control of
your
computer.
Solution
Upgrade to the
latest versions of Firefox and Thunderbird.
Mozilla has released Firefox 2.0.0.13, Thunderbird
2.0.0.13 and
; Seamonkey 1.1.9. By
default, Mozilla Firefox and
Thunderbird
automatically check for
updates.
These vulnerabilities can be mitigated
by disabling JavaScript. For
; more information about
configuring Firefox, please see the Securing
;
Your Web Browser document. Thunderbird
disables JavaScript by
default.
Description
Mozilla products,
including the Firefox web browser and Thunderbird
email application, contain a number of
vulnerabilities. These
vulnerabilities may
allow an attacker to access your computer, run
;
programs that could cause your computer to crash, or gain
control
; of your computer. An attacker
could exploit these vulnerabilities
; by
convincing you to visit a web site or read an HTML
formatted
email
message.
For more technical information,
please see US-CERT Technical Alert
TA08-087B.
References
* US-CERT Technical Alert TA08-087BA
-
<http://www.us-cert.gov/cas/techalerts/TA08-087B.html>
*
US-CERT Vulnerability Notes -
<http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_2008003>
*
Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>
* Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>
;
* Thunderbird - Reclaim your inbox - <http://www.mozilla.com/thunderbird/>
* Mozilla Hall of Fame -
<http://www.mozilla.org/university/HOF.html>
_________________________________________________________________
The most recent version of this document can be found
at:
<http://www.us-cert.gov/cas/alerts/SA08-087A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
; email
to <cert.org
href="mailto:cert cert.org">certcert.org> with "SA08-087A Feedback
VU#466521" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
; mailing
list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of
use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
;
Revision History
March 27, 2008: Initial
release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1
(GNU/Linux)
iQEVAwUBR+vYmfRFkHkM87XOAQKb4wf+J5bBi6SG0v2hAChyD64bpY+asNr1jacq
hsG8B/rSY5+DsPAm4tqGo7dBvAEIqMx6FyLty9SADvsibKPosbICjshzHSVymqtP
U44lRImrtyMAgAtT/wYMOWOWmCqjFNWJqUwNtSHWWcy2jJmNSSFO1CD38DoXN3ld | |