Информационная безопасность
[RU] switch to English

Дополнительная информация

  Многочисленные уязвимости в Mozilla Firefox, Thunderbird, Seamonkey (multiple bugs)

  Mozilla Foundation Security Advisory 2007-25

  Mozilla Foundation Security Advisory 2007-22

  Mozilla Foundation Security Advisory 2007-21

  Mozilla Foundation Security Advisory 2007-20

From:CERT <cert_(at)_cert.gov>
Date:19 июля 2007 г.
Subject:US-CERT Technical Cyber Security Alert TA07-199A -- Mozilla Updates for Multiple Vulnerabilities

Hash: SHA1

                       National Cyber Alert System

               Technical Cyber Security Alert TA07-199A

Mozilla Updates for Multiple Vulnerabilities

  Original release date: July 18, 2007
  Last revised: --
  Source: US-CERT

Systems Affected

    * Mozilla Firefox
    * Mozilla Thunderbird

  Other products based on Mozilla components may also be affected.


  The Mozilla web browser and derived products contain several
  vulnerabilities, the most severe of which could allow a remote
  attacker to execute arbitrary code on an affected system.

I. Description

  Mozilla has released new versions of Firefox and Thunderbird to
  address several vulnerabilities. Further details about these
  vulnerabilities are available from Mozilla and the Vulnerability Notes
  Database. An attacker could exploit these vulnerabilities by
  convincing a user to view a specially-crafted HTML document, such as a
  web page or an HTML email message.

II. Impact

  While the impacts of the individual vulnerabilities vary, the most
  severe could allow a remote, unauthenticated attacker to execute
  arbitrary code on a vulnerable system. An attacker may also be able to
  cause a denial of service or obtain private information.

III. Solution


  These vulnerabilities are addressed in Mozilla Firefox and

Disable JavaScript

  Some of these vulnerabilities can be mitigated by disabling JavaScript
  or using the NoScript extension. For more information about
  configuring Firefox, please see the Securing Your Web Browser
  document. Thunderbird disables JavaScript and Java by default.

IV. References

    * US-CERT Vulnerability Notes -

    * Securing Your Web Browser -
    * Mozilla Foundation Security Advisories - <http://www.mozilla.org/security/announce/>
    * Known Vulnerabilities in Mozilla Products -

    * Mozilla Hall of Fame - <http://www.mozilla.org/university/HOF.html>
    * NoScript Firefox Extension - <http://noscript.net/>


  The most recent version of this document can be found at:


  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <[email protected]> with "TA07-199A Feedback VU#143297" in the

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>

  Produced 2007 by US-CERT, a government organization.

  Terms of use:


  Produced 2007 by US-CERT, a government organization. Terms of use

  Revision History

  July 18, 2007: Initial release
Version: GnuPG v1.2.1 (GNU/Linux)


О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород