Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в Mozilla Firefox / Seamonkey

  Mozilla Foundation Security Advisory 2008-19

  Mozilla Foundation Security Advisory 2008-18

  Mozilla Foundation Security Advisory 2008-17

  Mozilla Foundation Security Advisory 2008-16

From:CERT <cert_(at)_cert.gov>
Date:28 марта 2008 г.
Subject:US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    National Cyber Alert System
  
Technical Cyber Security Alert TA08-087A


Mozilla Updates for Multiple Vulnerabilities

  Original release date: March 27, 2008
  Last revised: --
  Source: US-CERT

Systems Affected

    * Mozilla Firefox
    * Mozilla Thunderbird
    * Mozilla SeaMonkey

  Other products based on Mozilla components may also be affected.

Overview

  New  versions  of  Firefox, Thunderbird, and SeaMonkey address several
  vulnerabilities,  the  most  severe  of  which  could  allow  a remote
  attacker to execute arbitrary code on an affected system.

I. Description

  The  Mozilla  and the SeaMonkey projects have released new versions of
  Firefox, Thunderbird and SeaMonkey to address several vulnerabilities.
  Further  details  about these vulnerabilities are available in Mozilla
  Foundation  Security  Advisories and the Vulnerability Notes Database.
  An  attacker  could exploit these vulnerabilities by convincing a user
  to  view  a  specially crafted HTML document, such as a web page or an
  HTML email message.

II. Impact

  While  the  impacts  of  the individual vulnerabilities vary, the most
  severe  could  allow  a  remote,  unauthenticated  attacker to execute
  arbitrary code on a vulnerable system. An attacker may also be able to
  cause a denial of service or execute cross-site scripting attacks.

III. Solution

Upgrade

  These  vulnerabilities  are  addressed  in  Mozilla  Firefox 2.0.0.13,
  Thunderbird 2.0.0.13, and SeaMonkey 1.1.9.

Disable JavaScript

  Some of these vulnerabilities can be mitigated by disabling JavaScript
  or  by  using  the  NoScript  extension.  For  more  information about
  configuring   Firefox,  please  see  the  Securing  Your  Web  Browser
  document. Thunderbird disables JavaScript by default.

IV. References

* US-CERT Vulnerability Notes -
  <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_200803>
    
* Securing Your Web Browser -
  <http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#
Mozilla_Firefox
>
    
* Mozilla Foundation Security Advisories -
  <http://www.mozilla.org/security/announce/>
    
* Known Vulnerabilities in Mozilla Products -
  <http://www.mozilla.org/projects/security/known-vulnerabilities.html>
    
* Mozilla Hall of Fame -
  <http://www.mozilla.org/university/HOF.html>
    
* NoScript Firefox Extension - <http://noscript.net/>

_________________________________________________________________

 The most recent version of this document can be found at:

   <http://www.us-cert.gov/cas/techalerts/TA08-087A.html>
_________________________________________________________________

 Feedback can be directed to US-CERT Technical Staff. Please send
 email to <[email protected]> with "TA08-087A Feedback VU#466521" in the
 subject.
_________________________________________________________________

 For instructions on subscribing to or unsubscribing from this
 mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

 Produced 2008 by US-CERT, a government organization.

 Terms of use:

   <http://www.us-cert.gov/legal.html>
____________________________________________________________________

  Revision History

  March 27, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR+wDN/RFkHkM87XOAQJAhgf/bIVWAfAziBM4goXAtieyD2iOa3IG+6In
KhYvC97IuQhVi2OBXW6mIBjBIGSg1mPehN9Su1N2/58hHH5yvmH2mhus2unOV6cQ
z+SXE8fuVbWthaeYaAlCRFGjtwek6uaXre1PmfUV4tbrPLZIyo3GgU/W37SIxp3L
BtBJTUL2rnEh+c7GH+6PjY6WNZvLHjuSaktSVXkFZZ7cr8cbVF2Q/qluK0Yb04Zu
sYlzZnI8kqwlck+EuNOgU1BDfkDCz2ZIMcre6/y7og+btXiLeo+f84DfXLlthqyo
Ng4D/I2+9iI/k4QhUOShrOKY3ZQzr9liQn/mtZUFPVxXTuOe9dtK5w==
=Ite0
-----END PGP SIGNATURE-----

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород