US-CERT Cyber Security Alert SA06-038A -- Multiple Vulnerabilities in Mozilla Products

National Cyber Alert System

Cyber Security Alert SA06-038A

Multiple Vulnerabilities in Mozilla Products

Original release date: February 7, 2006
Last revised: April 17, 2006
Source: US-CERT

Systems Affected

Mozilla web browser
Mozilla mail client
Firefox web browser
Thunderbird mail client

Overview

By taking advantage of one or more vulnerabilities in Mozilla products, an attacker may be able to take control of your computer.

Solution

Upgrade to the latest version of Firefox

Mozilla has released an updated version of Firefox to correct these problems.

Description

There are vulnerabilities in various features of the Mozilla web browser, Mozilla email client, Firefox web browser, and Thunderbird email client. Some of the vulnerabilities are connected to the way the application handles URLs or images. In one instance, an attacker could cause an application to crash or could take control of your computer by convincing you to view a malicious web site or email message.

For more technical information, see US-CERT Technical Alert TA06-038A.

References

Mozilla Foundation Security Advisory 2006-04 - <http://www.mozilla.org/security/announce/mfsa2006-04.html>
US-CERT Technical Cyber Security Alert TA06-038A - <http://www.us-cert.gov/cas/techalerts/TA06-038A.html>
US-CERT Vulnerability Note VU#592425 - <http://www.kb.cert.org/vuls/id/592425>
US-CERT Vulnerability Note VU#759273 - <http://www.kb.cert.org/vuls/id/759273>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

February 7, 2006: Initial release
April 17, 2006: Fixed "Terms of use" statement

Last updated February 11, 2008

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting