[322] in Security FYI


[IS&T Security-FYI] Mozilla Upgrades Address Browser Vulnerabilities

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Thu Nov 9 15:21:49 2006

To: ist-security-fyi@mit.edu
Message-Id: <FA1F747C-89DA-4657-A619-B6A51137A2A9@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
Date: Thu, 9 Nov 2006 15:19:48 -0500

---------------------

This notice is being sent in response to Technical Cyber Security  
Alert TA06-312A, November 8, 2006

Three security advisories have been released to report
vulnerabilities found in Mozilla web browsers. The upgrades Mozilla
Firefox 1.5.0.8, Mozilla Thunderbird 1.5.0.8, and SeaMonkey 1.0.6
address these vulnerabilities.

According to September 2006 statistics, 45% of certificates at MIT
were obtained using Firefox/Mozilla browsers. If you are using any of
these browsers, we advise you to upgrade now.

Firefox 1.5.0.8
<http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html>

Thunderbird 1.5.0.8
<http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html>

SeaMonkey 1.0.6
<http://www.mozilla.org/projects/seamonkey/>

The vulnerabilities found could allow a remote attacker to execute
arbitrary code that could possibly affect the application. They could
also allow impersonation of a seemingly secure site and cause a
denial-of-service (DoS), making a Web page unavailable to its
intended users.

According to Mozilla, Firefox 1.5.0.x will be maintained with
security and stability updates until April 24, 2007. All users are
strongly encouraged to upgrade to Firefox 2
<http://www.mozilla.com/en-US/firefox/>.

-----

The most recent version of this CERT advisory can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-312A.html>

References:

      * Vulnerability Note VU#714496 -
        <http://www.kb.cert.org/vuls/id/714496>

      * Vulnerability Note VU#335392 -
        <http://www.kb.cert.org/vuls/id/335392>

      * Vulnerability Note VU#815432 -
        <http://www.kb.cert.org/vuls/id/815432>

      * Vulnerability Note VU#390480 -
        <http://www.kb.cert.org/vuls/id/390480>

      * Vulnerability Note VU#495288 -
        <http://www.kb.cert.org/vuls/id/495288>

      * Mozilla Foundation Security Advisories -
        <http://www.mozilla.org/security/announce/>

      * Known Vulnerabilities in Mozilla Products -
        <http://www.mozilla.org/projects/security/known-vulnerabilities.html>

      * Securing Your Web Browser -
        <http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>

      * Mozilla Hall of Fame -
        <http://www.mozilla.org/university/HOF.html>

      * Site Controls -
        <http://browser.netscape.com/ns8/help/options-site.jsp>



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
N42-040, tel: (617) 253-2715





_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/ist-security-fyi