From: Panda Oxygen3: "A good name is better than riches" Miguel de Cervantes Saavedra (1547-1616); Spanish writer. - Critical update for Firefox and Mozilla - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, April 18 2005 - The release of the new versions Firefox 1.0.3 and Mozilla 1.7.7 has been announced. These new versions correct several security vulnerabilities, including some critical ones which could allow remote execution of code. Two of these, which could be exploited by an attacker to automatically install or run malicious code, affect versions prior to Firefox 1.0.3 and Mozilla 1.7.7. The first of these vulnerabilities can be exploited injecting javascript code in link tags supporting "favicons", while the second is based on overwriting values in DOM (Document Object Model). There is also a third critical vulnerability, which in this case does not affect Mozilla, and which allows the execution of arbitrary code remotely via the Firefox side bar. Firefox 1.0.3 and Mozilla 1.7.7 also deal with other vulnerabilities considered as high and moderate risk. Because of this situation, the Mozilla foundation strongly advises users to update to the new versions, available on its website at: http://www.mozilla.org More details on the corrected vulnerabilities can be found at the following address: http://www.mozilla.org/projects/security/known-vulnerabilities.html NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Qhost.AF; 2)Mhtredir.gen; 3)Bagle.CA; 4)Bagle.CC; 5)Shinwow.E. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member