US-CERT Cyber Security Alert SA06-107A -- Mozilla Products Contain Multiple Vulnerabilities

National Cyber Alert System

Cyber Security Alert SA06-107A

Mozilla Products Contain Multiple Vulnerabilities

Original release date: April 17, 2006
Last revised: --
Source: US-CERT

Systems Affected

Mozilla web browser
Mozilla email application
Firefox web browser
Thunderbird email application
Mozilla Suite

Overview

By taking advantage of one or more vulnerabilities in Mozilla products, an attacker may be able to take control of your computer.

Solution

Upgrade to the latest versions of Firefox and Thunderbird

Mozilla has released an updated version of Firefox to correct these problems.

Mozilla has released an updated version of the Thunderbird email program to correct these problems.

Description

There are vulnerabilities in various features of the Mozilla web browser, Mozilla email application, Firefox web browser, and Thunderbird email application. Some of the vulnerabilities involve the way these applications handle URLs or images. For instance, an attacker could cause an application to crash or could take control of your computer by convincing you to view a malicious web site or email message.

For more technical information, see US-CERT Technical Alert TA06-107A.

References

Mozilla Foundation Security Advisories - <http://www.mozilla.org/security/announce/>
US-CERT Technical Cyber Security Alert TA06-107A - <http://www.us-cert.gov/cas/techalerts/TA06-107A.html>
US-CERT Vulnerability Notes Related to April Mozilla Security Advisories - <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_April_2006>
US-CERT Vulnerability Note VU#932734 - <http://www.kb.cert.org/vuls/id/932734>
US-CERT Vulnerability Note VU#968814 - <http://www.kb.cert.org/vuls/id/968814>
US-CERT Vulnerability Note VU#179014 - <http://www.kb.cert.org/vuls/id/179014>
US-CERT Vulnerability Note VU#488774 - <http://www.kb.cert.org/vuls/id/488774>
US-CERT Vulnerability Note VU#842094 - <http://www.kb.cert.org/vuls/id/842094>
US-CERT Vulnerability Note VU#813230 - <http://www.kb.cert.org/vuls/id/813230>
US-CERT Vulnerability Note VU#736934 - <http://www.kb.cert.org/vuls/id/736934>
US-CERT Vulnerability Note VU#935556 - <http://www.kb.cert.org/vuls/id/935556>
US-CERT Vulnerability Note VU#350262 - <http://www.kb.cert.org/vuls/id/350262>
US-CERT Vulnerability Note VU#252324 - <http://www.kb.cert.org/vuls/id/252324>
US-CERT Vulnerability Note VU#329500 - <http://www.kb.cert.org/vuls/id/329500>
Firefox - Rediscover the Web - <http://www.mozilla.com/firefox/>
Thunderbird - Reclaim your inbox - <http://www.mozilla.com/thunderbird/>
Mozilla Suite - The All-in-One Internet Application Suite - <http://www.mozilla.org/products/mozilla1.x/>
Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization, Terms of use

Revision History

April 17, 2006: Initial release

Last updated February 11, 2008

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting