Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости в Mozilla Firefox, Thunderbird, Seamonkey (multiple bugs)

  Mozilla Foundation Security Advisory 2007-25

  Mozilla Foundation Security Advisory 2007-22

  Mozilla Foundation Security Advisory 2007-21

  Mozilla Foundation Security Advisory 2007-20

From:CERT <cert_(at)_cert.gov>
Date:19 июля 2007 г.
Subject:US-CERT Technical Cyber Security Alert TA07-199A -- Mozilla Updates for Multiple Vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                       National Cyber Alert System

               Technical Cyber Security Alert TA07-199A


Mozilla Updates for Multiple Vulnerabilities

  Original release date: July 18, 2007
  Last revised: --
  Source: US-CERT


Systems Affected

    * Mozilla Firefox
    * Mozilla Thunderbird

  Other products based on Mozilla components may also be affected.


Overview

  The Mozilla web browser and derived products contain several
  vulnerabilities, the most severe of which could allow a remote
  attacker to execute arbitrary code on an affected system.


I. Description

  Mozilla has released new versions of Firefox and Thunderbird to
  address several vulnerabilities. Further details about these
  vulnerabilities are available from Mozilla and the Vulnerability Notes
  Database. An attacker could exploit these vulnerabilities by
  convincing a user to view a specially-crafted HTML document, such as a
  web page or an HTML email message.


II. Impact

  While the impacts of the individual vulnerabilities vary, the most
  severe could allow a remote, unauthenticated attacker to execute
  arbitrary code on a vulnerable system. An attacker may also be able to
  cause a denial of service or obtain private information.


III. Solution


Upgrade

  These vulnerabilities are addressed in Mozilla Firefox 2.0.0.5 and
  Thunderbird 2.0.0.5.


Disable JavaScript

  Some of these vulnerabilities can be mitigated by disabling JavaScript
  or using the NoScript extension. For more information about
  configuring Firefox, please see the Securing Your Web Browser
  document. Thunderbird disables JavaScript and Java by default.


IV. References

    * US-CERT Vulnerability Notes -
      <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_20070717>


    * Securing Your Web Browser -
      <http://www.us-cert.gov/reading_room/securing_browser/browser_security.h
tml#Mozilla_Firefox
>
    
    * Mozilla Foundation Security Advisories - <http://www.mozilla.org/security/announce/>
    
    * Known Vulnerabilities in Mozilla Products -
      <http://www.mozilla.org/projects/security/known-vulnerabilities.html>

    
    * Mozilla Hall of Fame - <http://www.mozilla.org/university/HOF.html>
    
    * NoScript Firefox Extension - <http://noscript.net/>
    

_________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA07-199A.html>
_________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <[email protected]> with "TA07-199A Feedback VU#143297" in the
  subject.
_________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>
_________________________________________________________________

  Produced 2007 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 _________________________________________________________________

  Produced 2007 by US-CERT, a government organization. Terms of use

  Revision History

  July 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRp53HfRFkHkM87XOAQLeRwf/QqMX0I06N0r/bctdkce0RqUa9ZwpLSsM
42Ihq6NSQDOGM1cfqa8TxtYbITjV2cOQAmAYsi7HGdMF6zbZbkAZ5e/Lo06Be3mW
Rw9s+ci5mLOiFHQ1mBAYn5/1+iK9WJPrbL3tvE9ejAjdIzSieWz4wwYE/A4gIJxh
XnlwZT+EXafixy8qu/uLUjhwlfs+HiOtjaSP4q+N+LLfeSk+UeAXbT6nPt6d+B7Z
hd7RKOJR2eesWpc9L7/oq0tmJdXSkW9Qel3L9KssOiir/ZKqpyVISkBxTbce9Pq8
hqXne3HWJXBT19YBmRMSDD693J6siCPXuLSLJbTFN4d/NKM5MF7kTQ==
=jDnr
-----END PGP SIGNATURE-----

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород