
Security

December 18, 2008 7:45 AM PST

Mozilla patches highly critical security flaws

by Dawn Kawamoto

Mozilla has released updates to its popular Firefox browser, its Thunderbird e-mail client, and its SeaMonkey application suite, aiming to address highly critical security flaws that could expose users' sensitive information.

Users are advised to update to version 3.0.5 of Firefox, which was released Tuesday. They are also advised to update to version 2.0.0.19 of Thunderbird and version 1.1.14 of SeaMonkey.

The vulnerabilities were found in earlier versions of Firefox 3, as well as in versions of Firefox 2.

According to a research note released Wednesday by security researcher Secunia:

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.

  1. Errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.
  2. An error when processing the "persist" XUL attribute can be exploited to bypass cookie settings and uniquely identify a user in subsequent browsing sessions.
  3. Multiple errors can be exploited to bypass the same-origin policy, disclose sensitive information, and execute JavaScript code with chrome privileges.

One advisory addresses critical security flaws in all three programs (Firefox, Thunderbird, and SeaMonkey) that could arise from memory corruption and result in malicious attackers launching arbitrary code from users' computers.

Mozilla also notes that another set of critical vulnerabilities in all three could redirect users from a legitimate site to a malicious one, where users' private data could be stolen. And a third set of critical flaws noted in all three could lead to the launching of arbitrary JavaScript within a different Web site.

September 26, 2008 2:21 PM PDT

Two critical holes plugged in Thunderbird

by Seth Rosenblatt

Mozilla pushed out an update to its e-mail client Thunderbird today. The 2.0.0.17 update, for both Windows and Mac versions, corrects two potential exploits. Centered around Newsgroup functionality and an obscure UTF-8 hyperlink spoof, they could've allowed an attacker to execute arbitrary code.

A spate of bugs, memory leaks, and other less severe issues were fixed, too. The full changelog can be read here.

Originally posted at The Download Blog