 Mozilla issues security update for "shell" exploit, always keep your browser patched |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
  Jul 9 2004, 05:31 AM
Post
#1
|
|
 Security Reporter  Group: News Reporters Posts: 484 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107  |
Firefox 0.9.2 -- FTP Site for downloading ftp://ftp.mozilla.org/pub/mozilla.org/fir...releases/0.9.2/ Thunderbird 0.7.2 -- FTP Site for downloading ftp://ftp.mozilla.org/pub/mozilla.org/thu...releases/0.7.2/ Mozilla 1.7.1 -- FTP Site for downloading ftp://ftp.mozilla.org/pub/mozilla.org/moz...s/mozilla1.7.1/ Below is more information from the Internet Storm Center: Mozilla issues security update for "shell" exploit http://www.incidents.org/diary.php?date=2004-07-08  Mozilla and Firefox Update Fixes Vulnerability It's time to update your browser, though this time the problem is not with Internet Explorer, but with Mozilla and Firefox running on Windows. As described in the eWeek article at http://www.eweek.com/article2/0,1759,1621463,00.asp A flaw in the way Mozilla and Firefox handled links containing the shell: suffix could allow a malicious web site to run arbitrary code on the visitor's system. We advise you to upgrade to Mozilla 1.7.1 or Firefox 0.9.2 to patch this vulnerability. For more information about this vulnerability and ways of addressing it, please see http://mozilla.org/security/shell.html . This URL also points out that Thunderbird, an email client that's part of the Mozilla suite, is vulnerable, and explains how you can address the Thunderbird vulnerability as well. -------------------- |
 |
 
|
|
Jul 9 2004, 07:35 AM
Post
#2
|
|
 Bleepin' Conundrum Group: Global Moderator Posts: 8,626 Joined: 26-April 04 From: 65 miles due East of the "Logic Free Zone", in Md, USA Member No.: 235 |
(KILL THE MESSENGER!)
Not really Harry. Thanks once again for keeping us up to date and just a bit safer! (Draw a ration of M&M's on me from Petty Candy!) -------------------- |
|
|
|
|
Jul 11 2004, 07:26 AM
Post
#3
|
|
 Forum Addict Group: Global Moderator Posts: 19,878 Joined: 11-April 04 From: Chicago, Il. Member No.: 113 |
I read somewhere this morning that the shell exploitation also affects Internet Explorer, that MS has admitted it, and that MS will issue a patch sometime in the next few weeks.
Regards, John -------------------- Whereof one cannot speak, thereof one should be silent.
|
|
|
|
|
Jul 11 2004, 10:33 AM
Post
#4
|
|
|
Forum Addict Group: Global Moderator Posts: 19,878 Joined: 11-April 04 From: Chicago, Il. Member No.: 113 |
I thought I should be more specific with my remark. Here is the relevant information:
“The same day, a Dutch security expert published sample code that showed how Internet Explorer is susceptible to the same vulnerability that Mozilla just patched. A configuration change or other fix for IE, however, is not yet available, although Microsoft has confirmed the vulnerability. It is investigating the problem and is planning on releasing a series of updates to its browser in the coming weeks, Microsoft said.” "Mozilla Vulnerability Quickly Fixed." 09 Jul 2004. Tech Web News. Tech Web. 11 Jul 2004 <http://www.techweb.com/wire/story/TWB20040709S0006>. Regards to all, John -------------------- Whereof one cannot speak, thereof one should be silent.
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 7th September 2008 - 01:39 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.