[pchelpers] News:Mozilla users warned--upgrade now

• From: John Durham <john.modec@xxxxxxxxxx>
• To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
• Date: Thu, 20 Apr 2006 08:33:00 +1200

By  Tom Espiner,  ZDNet (UK)
Published on ZDNet News: April 19, 2006, 8:11 AM PT

Users have been urged to upgrade to the latest versions of Mozilla's 
software to protect themselves from a series of critical security holes.

The Computer Emergency Readiness Team (CERT) warned on Monday that 
earlier versions of Firefox, and other Mozilla software based on Firefox 
code, contain a clutch of vulnerabilities that expose users to attack.

The Mozilla Foundation released a new version of Firefox last week, 
version 1.5.0.2, which it said contained fixes for several security flaws.

According to security firm Secunia, there are a total of 21 flaws in the 
older versions of Firefox, such as Firefox 1.5, some of which it 
described as critical.

CERT advises people who use Mozilla's e-mail software, Thunderbird, and 
the Internet application suite Seamonkey to also upgrade to the latest 
versions (Thunderbird 1.5 and Seamonkey 1.0.1). CERT warned that any 
other products based on older Mozilla components, particularly the Gecko 
rendering engine, may also be affected.

Firefox has traditionally been seen as being more secure than other Web 
browsers such as Microsoft's Internet Explorer. This is thought to be 
the first time that multiple vulnerabilities have been reported in 
Firefox and the Mozilla suite.

Secunia warned that hackers could exploit the security holes to gain 
control of computer systems, conduct phishing attacks, and bypass 
security restrictions.

One error that occurs in Firefox would allow arbitrary JavaScript code 
to be injected into Web pages as they load.

The vulnerabilities were discovered by Mozilla researchers, including 
Bernd Mielke, Alden D'Souza and Martijn Wargers, as well as by 3Com 
researchers working on the TippingPoint Zero Day Initiative.

This initiative encourages "responsible disclosure of vulnerabilities" 
to vendors, to give them time to put out patches before holes are 
disclosed to the public. TippingPoint started to disclose the holes to 
Mozilla from December last year.

Sourced from:
http://news.zdnet.com/2100-9588_22-6062713.html

-- 
Regards, John Durham <http://modecideas.com/contact.html?sig>
ICQ number 112663246
Fax/Phone 64 4 5286786
Award winning web site at http://modecideas.com?sig
PC-HELPERS list subscribe/unsub at http://modecideas.com/index.html?sig
Good advice is like good paint- it only works if applied.




-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription