Advertisement
Promo

Security threats Toolkit

Mozilla updates fix highly critical security flaws

Dawn Kawamoto CNET News

Published: 18 Dec 2008 18:03 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Mozilla has released updates to its popular Firefox browser, Thunderbird email client and SeaMonkey application suite, aiming to address highly critical security flaws that could expose users' sensitive information.

Users are advised to update to version 3.0.5 of Firefox, which was released on Tuesday. They are also advised to update to version 2.0.0.19 of Thunderbird and version 1.1.14 of SeaMonkey.

The vulnerabilities were found in earlier versions of Firefox 3, as well as in versions of Firefox 2.

According to a research note released on Wednesday by security researcher Secunia:

"Some vulnerabilities have been reported in Mozilla Firefox which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks or potentially compromise a user's system.

  1. Errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code
  2. An error when processing the 'persist' XUL attribute can be exploited to bypass cookie settings and uniquely identify a user in subsequent browsing sessions
  3. Multiple errors can be exploited to bypass the same-origin policy, disclose sensitive information, and execute JavaScript code with chrome privileges"

Read this

Review
Review: Firefox 3

Read more +

One Mozilla advisory addresses critical security flaws in all three programs (Firefox, Thunderbird and SeaMonkey) that could arise from memory corruption and result in malicious attackers launching arbitrary code from users' computers.

Mozilla also noted that another set of critical vulnerabilities in all three programs could redirect users from a legitimate site to a malicious one, where users' private data could be stolen. A third set of critical flaws noted in all three programs could lead to the launching of arbitrary JavaScript within a different website.

Credit: Mozilla patches highly critical security flaws from CNET News

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
2 out of 2 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

This Crap Site

How utterly stupid - I am ranked #40 in the top 100 - as a member of this site..... I mean HOW utterly stupid.... I have done sweet FA, I have only rejoined this site after a 3 or... More

Post a comment

Microsoft Security Update: November Pa...

Apologies for this late update to our core Patch Tuesday update. Here is a summary of the update .... The November Patch Tuesday update from Microsoft follows the largest patch and... More

Post a comment

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

4 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters