Thursday, July 17, 2008

Vulnerabilities In Mozilla Firefox, SeaMonkey and Thunderbird

A vulnerability related to CSS object handling has been found in the Firefox and SeaMonkey web browsers. By exploiting it, an attacker could cause a crash and then take advantage of it to run arbitrary code on the victim's computer. The vulnerability affects the Thunderbird email client only if its JavaScript support is enabled; by default, that support is disabled.

In addition to the vulnerability mentioned above, another vulnerability was found in Firefox. It is related to the way Firefox handles URIs (Uniform Resource Identifiers) entered from the command line. By exploiting it, an attacker could open multiple URIs in the browser while Firefox is not running, access system information and run arbitrary code on the victim's computer.

Vulnerable versions are:
- Mozilla Firefox prior to version 3.0.1
- Mozilla Firefox prior to version 2.0.0.16
- Mozilla Thunderbird prior to version 2.0.0.16
- Mozilla SeaMonkey prior to version 1.1.11

As a resolution, it is advisable to update vulnerable installations to these versions:
- Mozilla Firefox 3.0.1 and 2.0.0.16
- Mozilla Thunderbird 2.0.0.16
- Mozilla SeaMonkey 1.1.11

The update can be made using the automatic update functionality or by installing the latest versions from http://www.mozilla.com and http://www.seamonkey-project.org.
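To check a software inventory against the fixed versions listed above, the following added example (not part of the original advisory) compares each installed version with the fixed release for its branch. The inventory line format, the function names and the sample data are assumptions made for illustration.

```python
import re

# Fixed releases from the advisory, one per maintained branch.
FIXED = {
    "firefox": [(2, 0, 0, 16), (3, 0, 1)],
    "thunderbird": [(2, 0, 0, 16)],
    "seamonkey": [(1, 1, 11)],
}

# Assumed inventory format: product name followed by a dotted numeric version.
LINE_RE = re.compile(r"(firefox|thunderbird|seamonkey)\D*?(\d+(?:\.\d+)*)\s*$", re.I)


def parse_line(line):
    """Return (product, version_tuple); raise ValueError on anything else."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("unrecognised inventory line: %r" % line)
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))


def is_vulnerable(product, version):
    """True if version is older than the fixed release for its branch."""
    # Pick the lowest fixed release whose major version is >= ours, so that
    # 2.0.0.x is judged against 2.0.0.16 and 3.0.x against 3.0.1.
    fix = next((f for f in sorted(FIXED[product]) if f[0] >= version[0]), None)
    return fix is not None and version < fix


def audit(lines):
    """Map each inventory line to 'UPDATE', 'ok' or 'unparsed'."""
    report = []
    for line in lines:
        try:
            product, version = parse_line(line)
        except ValueError:
            report.append((line, "unparsed"))  # e.g. betas: review by hand
            continue
        report.append((line, "UPDATE" if is_vulnerable(product, version) else "ok"))
    return report


# Constructed sample inventory, not data from the advisory.
SAMPLE = ["Mozilla Firefox 3.0", "Mozilla Firefox 2.0.0.16",
          "Mozilla Thunderbird 2.0.0.14", "SeaMonkey 1.1.11", "Firefox 3.0b5"]

if __name__ == "__main__":
    for line, status in audit(SAMPLE):
        print("%-30s %s" % (line, status))
```

A Thunderbird result of UPDATE is based on the version alone; whether that installation is exposed still depends on JavaScript support being enabled, as described above.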
