Mozilla issues security updates

By Dawn Kawamoto
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Another denial-of-service bug found in Firefox 2
November 1, 2006; Firefox update patches security holes
September 15, 2006

The Mozilla Foundation has issued "critical" security updates to vulnerabilities discovered in the Firefox browser, Thunderbird e-mail client and SeaMonkey application suite.

Flaws were found in versions of the open-source software prior to both Firefox 2.0.0.1 and Firefox 1.5.0.9, as well as prior to Thunderbird 1.5.0.9 and SeaMonkey 1.0.7, Mozilla said Tuesday.

The vulnerabilities could potentially be exploited to conduct cross-site scripting attacks, to let malicious attackers launch a remote execution of code on users' computers, and to expose sensitive information, according to an advisory from security company Secunia.

While Mozilla labeled the updates "critical," Secunia rated them "highly critical."

Mozilla advised people to forgo enabling JavaScript in Thunderbird and the mail portions of its Internet application suite SeaMonkey. People are also advised to download SeaMonkey 1.0.7, which is undergoing its final paces of testing.

"Some of these (flaws) were crashes that showed evidence of memory corruption, and we presume that at least some of these could be exploited to run arbitrary code with enough effort," according to one of six-related "critical" Mozilla security advisories issued Tuesday.

Last month, Mozilla also issued "critical" security updates for Firefox, Thunderbird and SeaMonkey. Like the new flaws, the earlier ones involved the potential for malicious attackers to take hold of users' systems.

See more CNET content tagged:
Mozilla Thunderbird, Mozilla Corp., security update, XSS, Firefox

Add a Comment (Log in or register) 22 comments (Showing first 20 comments)

A bit misleading, don't you think
by FOSS4evR December 20, 2006 9:43 AM PST: Okay, I've come to not expect "fair and balanced"(TM) reporting from c|Net but come on.

"While Mozilla labeled the updates "critical," Secunia rated them "highly critical.""

Of course Mozilla ONLY labeled the updates "critical", Mozilla's impact key ONLY goes up to critical.

This is just poor journalism.; Reply to this comment View all 2 replies
Processing

Not really much of an issue...
by umbrae December 20, 2006 10:32 AM PST: Since most FF users use NoScript. Most pages I visit never run one line of JavaScript period. Cross Site scripting never happens until I implicitly trust both sites.; Reply to this comment View reply
Processing

unpatched flaw in Firefox 2.0.0.1 allows to steal the passwords
by pip_z December 20, 2006 11:43 AM PST: unpatched flaw in Firefox 2.0.0.1 allows to steal the passwords

test here: http://www.info-svc.com/news/11-21-2006/rcsr1/; Reply to this comment

NoScript doesn't protect from SVG remote code execuion in Firefox 2.
by pip_z December 20, 2006 11:46 AM PST: NoScript doesn't protect from SVG remote code execuion in Firefox 2.; Reply to this comment

NoScript doesn't protect from SVG remote code execution in Firefox 2.
by pip_z December 20, 2006 11:48 AM PST: NoScript doesn't protect from SVG remote code execuion in Firefox 2.; Reply to this comment

NoScript doesn't protect from SVG remote code execution in Firefox 2.
by pip_z December 20, 2006 11:48 AM PST: NoScript doesn't protect from SVG remote code execution in Firefox 2.; Reply to this comment

flaw in Firefox 2.0.0.1 allows to steal the passwords
by pip_z December 20, 2006 11:50 AM PST: unpatched flaw in Firefox 2.0.0.1 allows to steal the passwords

test here: http://www.info-svc.com/news/11-21-2006/rcsr1/; Reply to this comment

Opera...
by Mendz December 20, 2006 5:21 PM PST: ... is the most secured. Compare:

Opera 9 - 2 patched
http://secunia.com/product/10615/?task=advisories

FF 2 - 1 patched; 1 unpatched
http://secunia.com/product/12434/?task=advisories

IE 7 - 3 unpatched
http://secunia.com/product/12366/?task=advisories

Safari 2 - 2 patched; 3 unpatched
http://secunia.com/product/5289/?task=advisories

Hmmm...; Reply to this comment View reply
Processing

And more will follow
by Technoswamp December 21, 2006 8:26 AM PST: A prediction: Google's motto is 'Do no Evil' yet their floatation has made them less warm and fuzzy and more corporate. As Firefox matures as a business there will be the temptation to 'make money' (even though they make millions of dollars through search partnerships already!), will bring Firefox into the corporate lime light and the tecnical self appointed elite will turn on them. They will become a traget just like Microsoft - for the ethical, and not-so-ethical hackers looking to 'kick' the corproate man for turning against the geekorati. Or, in the case of 'security' companies, to make a name for themselves.

Watch this space...; Reply to this comment

Don't you all ever get tired...
by System Tyrant December 22, 2006 1:00 PM PST: of this constant bickering about who's right and who's wrong or which is better and which is worse.

Their is no truth to be found. It's all a one sided story. The only real difference between any of us is which side we choose to believe.; Reply to this comment

@FOSS4evR
by anarchyreigns December 22, 2006 1:05 PM PST: Look, you sack of ****, here are just two here. I'll leave it to you with your third grade education to find the rest. Ya know, why don't you do us all a favor and leave this board, as it's the low rent wannabees who have no understanding of how little they know, that ruin it for the rest of us?
http://news.yahoo.com/s/nf/20061220/bs_nf/48890
http://www.cio-today.com/news/Mozilla-Patches-Firefox-and-Thunderbird/story.xhtml?story_id=110003SJ1ECS; Reply to this comment View reply
Processing

See all 22 Comments >>

Latest tech news headlines

EA's Riccitiello sees bright skies ahead--no, really
Posted in News - Gaming and Culture by Caroline McCarthy

October 14, 2008 1:00 PM PDT
Omniture agrees to acquire Mercado site search business
Posted in Webware by Don Reisinger

October 14, 2008 12:35 PM PDT
New MacBook lineup vs. old MacBook linup
Posted in Crave by Matthew Elliott

October 14, 2008 12:28 PM PDT
See all headlines

Resource center from CNET News sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Microsoft creates education czar post
Software company chooses Michael Golden to head up its Education Products group, reporting to Anoop Gupta and overseeing the group's strategy and marketing efforts.
Gallery
Photos: Top 10 reviews of the week
Crave
New MacBook lineup vs. old MacBook linup
Crave compares the two new MacBook models with the pair they replaced.
Webware
Start-up developing new Web interaction paradigm
The secretive start-up Siri plans to make the interface to the Internet more usable by mere mortals.
Video
Sprint launches Xohm WiMax
News - Wireless
Verizon CEO optimistic despite economic crisis
Ivan Seidenberg says he believes his company will weather the financial storm. The reason? People will continue to spend money on wireless and broadband services.
Video
Talking with Newt Gingrich on tech, bailout
News - Gaming and Culture
EA's Riccitiello sees bright skies ahead--no, really
Even with the threat of low consumer spending this holiday season, the Electronic Arts CEO says that he thinks innovation will be able to keep game manufacturers afloat.
News - Cutting Edge
'60 Minutes' video: Drone warfare in Iraq
UAVs like the Predator are a highly valued asset for the U.S. military as it pursues "fleeting and perishable" targets. Lesley Stahl reports.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
Planetary Gear
Space-rugged robot put to volcano test
Scarab to prove it can collect samples and data in extreme terrain and darkness with little communication.
Green Tech
Solar Power: GE buys in, thin film cells, solar map
Concentrator maker Soliant Energy raises $21 million, Sharp Solar and Signet Solar boost thin-film production, and a detailed solar resource map.