Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security US-CERT-Alerts
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

US-CERT Cyber Security Alert SA08-087A -- Mozilla Updates for Multiple V

from [US-CERT Alerts] Network Security [Permanent Link]
Subject: US-CERT Cyber Security Alert SA08-087A -- Mozilla Updates for Multiple Vulnerabilities
Date: Thu, 27 Mar 2008 16:52:16 -0400 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

     National Cyber Alert System
   
    Cyber Security Alert SA08-087A


Mozilla Updates for Multiple Vulnerabilities

   Original release date: March 27, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Mozilla Firefox
     * Mozilla Thunderbird
     * Seamonkey

   Other products based on Mozilla components may also be affected.

Overview

     Mozilla  Firefox, Thunderbird, and derived products contain several
     vulnerabilities.  By  taking  advantage  of  one  or  more of these
     vulnerabilities,  an  attacker  may be able to take control of your
     computer.

Solution

Upgrade to the latest versions of Firefox and Thunderbird.

     Mozilla  has  released  Firefox  2.0.0.13, Thunderbird 2.0.0.13 and
     Seamonkey  1.1.9.  By  default,  Mozilla  Firefox  and  Thunderbird
     automatically check for updates.

     These vulnerabilities can be mitigated by disabling JavaScript. For
     more information about configuring Firefox, please see the Securing
     Your  Web  Browser  document.  Thunderbird  disables  JavaScript by
     default.

Description

     Mozilla products, including the Firefox web browser and Thunderbird
     email  application,  contain  a  number  of  vulnerabilities. These
     vulnerabilities  may allow an attacker to access your computer, run
     programs  that  could cause your computer to crash, or gain control
     of  your  computer. An attacker could exploit these vulnerabilities
     by  convincing  you  to  visit a web site or read an HTML formatted
     email message.

     For  more technical information, please see US-CERT Technical Alert
     TA08-087B.

References

 * US-CERT Technical Alert TA08-087BA -
   <http://www.us-cert.gov/cas/techalerts/TA08-087B.html>

 * US-CERT Vulnerability Notes -
   <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_2008003>

 * Securing Your Web Browser -
   
<http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>
     
 * Mozilla Foundation Security Advisories -
   <http://www.mozilla.org/security/announce/>
     
 * Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>
     
 * Thunderbird - Reclaim your inbox - <http://www.mozilla.com/thunderbird/>
     
 * Mozilla Hall of Fame -
   <http://www.mozilla.org/university/HOF.html>
 
_________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/alerts/SA08-087A.html>
 _________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "SA08-087A Feedback VU#466521" in the
  subject.
 _________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

   Revision History

   March 27, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR+vYmfRFkHkM87XOAQKb4wf+J5bBi6SG0v2hAChyD64bpY+asNr1jacq
hsG8B/rSY5+DsPAm4tqGo7dBvAEIqMx6FyLty9SADvsibKPosbICjshzHSVymqtP
U44lRImrtyMAgAtT/wYMOWOWmCqjFNWJqUwNtSHWWcy2jJmNSSFO1CD38DoXN3ld
ltuEUXwVHsTA9bod05hTQ66CHUvQu1Cd05KwxDumHYxXAIb3gmtMh9HRco0HnrIN
NpkVG4vPFsRsX97WN4txWFo25MlRIc0VzeKwXje6Lp20BsovlHAQxA9F0yNIg0RK
FH+QFo2oL9Xn63DUI/0cu+yC6nOtLmcI1r4uL2jYHeJiLNMyWryRjw==
=P3Zm
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • US-CERT Cyber Security Alert SA08-087A -- Mozilla Updates for Multiple Vulnerabilities, US-CERT Alerts <=
Previous by Date:  US-CERT Cyber Security Alert SA08-079A -- Apple Updates for Multiple Vulnerabilities, US-CERT Alerts
Previous by Thread:  US-CERT Cyber Security Alert SA08-079A -- Apple Updates for Multiple Vulnerabilities, US-CERT Alerts
Indexes:  [Date] [Thread] [Top] [All Lists]