US-CERT Cyber Security Alert SA06-153A -- Mozilla Products Contain Multiple Vulnerabilities

National Cyber Alert System

Cyber Security Alert SA06-153A

Mozilla Products Contain Multiple Vulnerabilities

Original release date: June 2, 2006
Last revised: June 5, 2006
Source: US-CERT

Systems Affected

Firefox web browser
Thunderbird email application

Overview

The Firefox web browser and Thunderbird email application contain several vulnerabilities. By taking advantage of one or more of these vulnerabilities, an attacker may be able to take control of your computer.

Solution

Upgrade to the latest versions of Firefox and Thunberbird

Mozilla has released Firefox 1.5.0.4 to corrrect these problems.

Mozilla has released Thunderbird 1.5.0.4 to correct these problems.

Description

Mozilla products, including the Firefox web browser and Thunderbird email application, contain a number of vulnerabilities. These vulnerabilities may allow an attacker to access your computer, run programs that could cause your computer to crash, or gain control of your computer.

For more technical information, see US-CERT Technical Alert TA06-153A.

References

US-CERT Vulnerability Note VU#237257 - <http://www.kb.cert.org/vuls/id/237257>

US-CERT Vulnerability Note VU#421529 - <http://www.kb.cert.org/vuls/id/421529>

US-CERT Vulnerability Note VU#575969 - <http://www.kb.cert.org/vuls/id/575969>

US-CERT Vulnerability Note VU#243153 - <http://www.kb.cert.org/vuls/id/243153>

US-CERT Vulnerability Note VU#466673 - <http://www.kb.cert.org/vuls/id/466673>

Mozilla Foundation Security Advisories - <http://www.mozilla.org/security/announce/>

US-CERT Vulnerability Notes Related to June Mozilla Security Advisories - <http://www.kb.cert.org/vuls/byid?searchview&query=firefox_1504>

Mozilla Foundation Security Advisories - <http://www.mozilla.org/projects/security/known-vulnerabilities.html>

Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>

Thunderbird - Reclaim your inbox - <http://www.mozilla.com/thunderbird/>

The SeaMonkey Project - <http://www.mozilla.org/projects/seamonkey/>

Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

June 2, 2006: Initial release
June 5, 2006: Added product version numbers

Last updated February 11, 2008

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting