« New Phish Finder | Main | Is Email Endangered? »

Mozilla has patched flaws in Firefox, Seamonkey and Thunderbird that hackers could use to bypass security restrictions, crash computers and run malware on machines. It is important to note, though, that these flaws do not affect the recently launched Firefox (which also features new security tweaks and an anti-phishing tool).

Below are the three advisories released by Mozilla and excerpted from SearchSecurity:

• Attackers could exploit several unspecified glitches to corrupt system memory, crash machines and possibly run malicious code. Mozilla noted that Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were enabled in mail.

• RSA digital signatures with a low exponent could be forged. The flaw was corrected in the Mozilla Network Security Services (NSS) library version 3.11.3 used by Firefox 2.0 and current development versions of Mozilla clients, but Firefox 1.5.0.7 was still vulnerable to attack.

• Attackers could modify a script object while it is executing and launch malicious JavaScript code as a result.

All of these patches are deemed critical, and are fixed by Firefox 1.5.0.8, Thunderbird 1.5.0.8 and SeaMonkey 1.0.6.

Posted by pschooff in Better Protection • Patches |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/942