Advertisement
Promo

Security threats Toolkit

Mozilla updates fix highly critical security flaws

Dawn Kawamoto CNET News

Published: 18 Dec 2008 18:03 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Mozilla has released updates to its popular Firefox browser, Thunderbird email client and SeaMonkey application suite, aiming to address highly critical security flaws that could expose users' sensitive information.

Users are advised to update to version 3.0.5 of Firefox, which was released on Tuesday. They are also advised to update to version 2.0.0.19 of Thunderbird and version 1.1.14 of SeaMonkey.

The vulnerabilities were found in earlier versions of Firefox 3, as well as in versions of Firefox 2.

According to a research note released on Wednesday by security researcher Secunia:

"Some vulnerabilities have been reported in Mozilla Firefox which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks or potentially compromise a user's system.

  1. Errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code
  2. An error when processing the 'persist' XUL attribute can be exploited to bypass cookie settings and uniquely identify a user in subsequent browsing sessions
  3. Multiple errors can be exploited to bypass the same-origin policy, disclose sensitive information, and execute JavaScript code with chrome privileges"

Read this

Review
Review: Firefox 3

Read more +

One Mozilla advisory addresses critical security flaws in all three programs (Firefox, Thunderbird and SeaMonkey) that could arise from memory corruption and result in malicious attackers launching arbitrary code from users' computers.

Mozilla also noted that another set of critical vulnerabilities in all three programs could redirect users from a legitimate site to a malicious one, where users' private data could be stolen. A third set of critical flaws noted in all three programs could lead to the launching of arbitrary JavaScript within a different website.

Credit: Mozilla patches highly critical security flaws from CNET News

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
2 out of 2 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters