Jump to content

Bug In Mozilla-based Browsers?


Recommended Posts

I just received an email from the US-CERT that says there are new security vulnerabilities in Mozilla-based browsers. Anyone heard of this yet? I'm posting the email I received below.

 

If I need to upgrade my Firefox browser (currently using 0.9.2), can someone provide a URL of patch?

 

Thanks,

Kasey

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

                    Cyber Security Alert SA04-261A

              Multiple vulnerabilities in Mozilla products

 

  Original release date: September 17, 2004

  Last revised: --

  Source: US-CERT

 

Systems Affected

 

    * Mozilla Suite (Mozilla web browser, Mozilla Mail)

    * Firefox web browser

    * Thunderbird email client

 

Overview

 

    By taking advantage of one or more vulnerabilities in Mozilla

    products, an attacker may be able to take control of your

computer.

 

Solution

 

Upgrade to the latest version

 

    Mozilla has released updated versions of the affected products.

You

    can download the latest versions:

    * Mozilla

    * Firefox

    * Thunderbird

 

Description

 

    There are vulnerabilities in various features of Mozilla's web

    browsers and email clients. Some of the vulnerabilities are

    connected to the way the application handles URLs or images. In

one

    instance, an attacker could cause an application to crash or could

    take control of your computer by convincing you to view a

malicious

    web site or email message.

 

    For more technical information, see US-CERT Technical Alert

    TA04-261A.

 

References

 

    * Known Vulnerabilities in Mozilla -

     

<http://www.mozilla.org/projects/security/known-vulnerabilities.ht

      ml>

    * US-CERT Technical Cyber Security Alert TA04-261A -

      <http://www.us-cert.gov/cas/techalerts/TA04-261A.html>

  _________________________________________________________________

 

  Feedback can be directed to US-CERT.

  _________________________________________________________________

   

  Copyright 2004 Carnegie Mellon University.

   

  Terms of use: <http://www.us-cert.gov/legal.html>

 

  This document is available from 

 

  <http://www.us-cert.gov/cas/alerts/SA04-261A.html>

 

  Revision History

 

    September 17, 2004: Initial release

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBQUtC8RhoSezw4YfQAQL4gAf/Wu5pYhSMCOGAjBH+pdAFFTaEGuBsRUne

LqUdj0I1lTdpEPW7ciBbV+C6iBdYM7slcr+k4mlnRD/tL2HWmpg8ebAqo2SYpURB

q2mWTksR7wgCWyw1GLOitfNliwNjLs6jg01aFq4xsBnnBaLCRbwmUktuer8zuqDL

3ANJbMF9LHRFB5uex7TMKuAHuq4KQy6zShoxmC71p4nWSBZ+sK8DYzKdDV90/M34

5Qwyuw9l73STw3wRULm2dKOPp5nRmlSubxD8Ftrhc08ZHssD4373Tv7rBAkVnzus

yu4If21Wq8ISXVSNAUBAmsMWJHR3unqq6XVrcikqSKwDU8i0wVG0WQ==

=XPw9

-----END PGP SIGNATURE-----

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...