December 20, 2006 8:57 AM PST

Mozilla issues security updates

The Mozilla Foundation has issued "critical" security updates to vulnerabilities discovered in the Firefox browser, Thunderbird e-mail client and SeaMonkey application suite.

Flaws were found in versions of the open-source software prior to both Firefox 2.0.0.1 and Firefox 1.5.0.9, as well as prior to Thunderbird 1.5.0.9 and SeaMonkey 1.0.7, Mozilla said Tuesday.

The vulnerabilities could potentially be exploited to conduct cross-site scripting attacks, to let malicious attackers launch a remote execution of code on users' computers, and to expose sensitive information, according to an advisory from security company Secunia.

While Mozilla labeled the updates "critical," Secunia rated them "highly critical."

Mozilla advised people to forgo enabling JavaScript in Thunderbird and the mail portions of its Internet application suite SeaMonkey. People are also advised to download SeaMonkey 1.0.7, which is undergoing its final paces of testing.

"Some of these (flaws) were crashes that showed evidence of memory corruption, and we presume that at least some of these could be exploited to run arbitrary code with enough effort," according to one of six-related "critical" Mozilla security advisories issued Tuesday.

Last month, Mozilla also issued "critical" security updates for Firefox, Thunderbird and SeaMonkey. Like the new flaws, the earlier ones involved the potential for malicious attackers to take hold of users' systems.

See more CNET content tagged:
Mozilla Corp., security update, flaw, Mozilla Thunderbird, XSS

22 comments

Join the conversation!
Add your comment
A bit misleading, don't you think
Okay, I've come to not expect "fair and balanced"(TM) reporting from c|Net but come on.

"While Mozilla labeled the updates "critical," Secunia rated them "highly critical.""

Of course Mozilla ONLY labeled the updates "critical", Mozilla's impact key ONLY goes up to critical.

This is just poor journalism.
Posted by FOSS4evR (25 comments )
Reply Link Flag
You're a moron!
<eom>
Posted by anarchyreigns (299 comments )
Link Flag
Secunia is a "panic the user" organization
Their money comes from users who succumb to their panics so they have a "rating" scale that's built to push people's panic buttons. Otherwise people would look at the definition of "critical" and understand that adding "extremely" to it is an exercise in redundancy.
Posted by extinctone (214 comments )
Link Flag
Not really much of an issue...
Since most FF users use NoScript. Most pages I visit never run one line of JavaScript period. Cross Site scripting never happens until I implicitly trust both sites.
Posted by umbrae (1073 comments )
Reply Link Flag
geek-minded assumptions
Claiming that "most FF users use NoScript" is a presumptuous
generalization. Frankly, my guess would be that most FF users
don't even know what NoScript is/does.
Posted by sjkx (49 comments )
Link Flag
unpatched flaw in Firefox 2.0.0.1 allows to steal the passwords
unpatched flaw in Firefox 2.0.0.1 allows to steal the passwords

test here: <a class="jive-link-external" href="http://www.info-svc.com/news/11-21-2006/rcsr1/" target="_newWindow">http://www.info-svc.com/news/11-21-2006/rcsr1/</a>
Posted by pip_z (5 comments )
Reply Link Flag
NoScript doesn't protect from SVG remote code execuion in Firefox 2.
NoScript doesn't protect from SVG remote code execuion in Firefox 2.
Posted by pip_z (5 comments )
Reply Link Flag
NoScript doesn't protect from SVG remote code execution in Firefox 2.
NoScript doesn't protect from SVG remote code execuion in Firefox 2.
Posted by pip_z (5 comments )
Reply Link Flag
NoScript doesn't protect from SVG remote code execution in Firefox 2.
NoScript doesn't protect from SVG remote code execution in Firefox 2.
Posted by pip_z (5 comments )
Reply Link Flag
flaw in Firefox 2.0.0.1 allows to steal the passwords
unpatched flaw in Firefox 2.0.0.1 allows to steal the passwords

test here: <a class="jive-link-external" href="http://www.info-svc.com/news/11-21-2006/rcsr1/" target="_newWindow">http://www.info-svc.com/news/11-21-2006/rcsr1/</a>
Posted by pip_z (5 comments )
Reply Link Flag
Opera...
... is the most secured. Compare:

Opera 9 - 2 patched
<a class="jive-link-external" href="http://secunia.com/product/10615/?task=advisories" target="_newWindow">http://secunia.com/product/10615/?task=advisories</a>

FF 2 - 1 patched; 1 unpatched
<a class="jive-link-external" href="http://secunia.com/product/12434/?task=advisories" target="_newWindow">http://secunia.com/product/12434/?task=advisories</a>

IE 7 - 3 unpatched
<a class="jive-link-external" href="http://secunia.com/product/12366/?task=advisories" target="_newWindow">http://secunia.com/product/12366/?task=advisories</a>

Safari 2 - 2 patched; 3 unpatched
<a class="jive-link-external" href="http://secunia.com/product/5289/?task=advisories" target="_newWindow">http://secunia.com/product/5289/?task=advisories</a>

Hmmm...
Posted by Mendz (519 comments )
Reply Link Flag
1-%...
The fact that a comapany called Secunia doesn't know any unpatched flaws, at a specific time, for a product that is used by less than 1% of people, doesn't mean there are no unpatched flaws and that, thus, doesn't mean that product is the most secured one.
Afterall, it's much more likely to find flaws for something that is used by more than 80% (overal percentage, not IE7-specific, but still a metric) of people, wouldn't you agree?
Posted by Ryo Hazuki (378 comments )
Link Flag
And more will follow
A prediction: Google's motto is 'Do no Evil' yet their floatation has made them less warm and fuzzy and more corporate. As Firefox matures as a business there will be the temptation to 'make money' (even though they make millions of dollars through search partnerships already!), will bring Firefox into the corporate lime light and the tecnical self appointed elite will turn on them. They will become a traget just like Microsoft - for the ethical, and not-so-ethical hackers looking to 'kick' the corproate man for turning against the geekorati. Or, in the case of 'security' companies, to make a name for themselves.

Watch this space...
Posted by Technoswamp (1 comment )
Reply Link Flag
Don't you all ever get tired...
of this constant bickering about who's right and who's wrong or which is better and which is worse.

Their is no truth to be found. It's all a one sided story. The only real difference between any of us is which side we choose to believe.
Posted by System Tyrant (1453 comments )
Reply Link Flag
@FOSS4evR
Look, you sack of ****, here are just two here. I'll leave it to you with your third grade education to find the rest. Ya know, why don't you do us all a favor and leave this board, as it's the low rent wannabees who have no understanding of how little they know, that ruin it for the rest of us?
<a class="jive-link-external" href="http://news.yahoo.com/s/nf/20061220/bs_nf/48890" target="_newWindow">http://news.yahoo.com/s/nf/20061220/bs_nf/48890</a>
<a class="jive-link-external" href="http://www.cio-today.com/news/Mozilla-Patches-Firefox-and-Thunderbird/story.xhtml?story_id=110003SJ1ECS" target="_newWindow">http://www.cio-today.com/news/Mozilla-Patches-Firefox-and-Thunderbird/story.xhtml?story_id=110003SJ1ECS</a>
Posted by anarchyreigns (299 comments )
Reply Link Flag
I disagree.
It's people like you that ruin it for the rest of us. You are the sore thumb here. Even your nickname says that.

Why don't you leave and find some place else to insult people.
Posted by System Tyrant (1453 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.