Advertisement
Promo

Security threats Toolkit in association with http://ad.doubleclick.net/clk;214682528;14505427;f?http://uk.blackberry.com/ataglance/security/

Mozilla fixes critical Firefox, Thunderbird flaws

Liam Tung ZDNet Australia

Published: 27 Mar 2008 11:34 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Mozilla has fixed seven vulnerabilities in the latest release of Firefox, with SeaMonkey and Thunderbird also affected.

Mozilla recommends users disable JavaScript in Thunderbird for the two critical flaws — MFSA 2008-15 and MFSA 2008-14 — since the email client shares the same browser engine as Firefox.

MFSA 2008-15 is a memory-corruption flaw and could allow an attacker to run arbitrary code. Mozilla has identified JavaScript errors as the source. However, it warned that an attacker could also use large image files to execute an attack.

MFSA 2008-14, meanwhile, permits an attacker to force a browser to run JavaScript code to conduct cross-site scripting and arbitrary code execution.

The two critical vulnerabilities resolved in Firefox's 2.0.0.13 release also affect Thunderbird and Mozilla's email application suite, SeaMonkey. Mozilla has identified two other "high impact" flaws — MFSA 2008-19 and MFSA 2008-18 — which could allow an attacker to create false login prompts and discover a user's identity through SSL certificates.

"It was possible to have a background tab create a borderless XUL [Mozilla's SML user-interface language] pop-up in front of the active tab in the user's browser. This technique could be used by an attacker to spoof form elements, such as a login prompt for a site opened in a different tab, and steal the user's login credentials for that site," Mozilla advised on its known-vulnerabilities web page.

Credit: Mozilla fixes critical flaws in Firefox 2.0, Thunderbird from ZDNet Australia

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
5 out of 5 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Web Developer

Front End Developer

User Experience Developer - London

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Nasa hacker petition presented to Numb...

Sting's wife Trudie Styler and Janis Sharp have presented a petition to Number 10 calling for Nasa hacker Gary McKinnon not to be extradited to the US. Styler, and Sharp, who is... More

Post a comment

UK to appoint cyber-sec tsar?

The UK is to appoint a cyber security tsar along the lines of the US, according to a story in the Telegraph this morning. The story is similar to one that appeared in the Guardian... More

Post a comment

Nokia Siemens denies Iran web snoop

Nokia Siemens has denied providing deep packet inspection capabilities to the Iranian authorities, following an article in the Wall Street Journal on Monday. The WSJ published the... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters