Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mozilla issues security update for "shell" exploit


  • Please log in to reply
3 replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:01:13 AM

Posted 09 July 2004 - 05:31 AM

New versions of Mozilla's three prominent products have just been released to address an important security concern. This update will prevent your browser from playing "shell games" as Mozilla has promptly addressed a widespread vulnerability affecting most browsers. So far, Firefox 0.9.2 is working great for me.

Firefox 0.9.2 -- FTP Site for downloading
ftp://ftp.mozilla.org/pub/mozilla.org/fir...releases/0.9.2/

Thunderbird 0.7.2 -- FTP Site for downloading
ftp://ftp.mozilla.org/pub/mozilla.org/thu...releases/0.7.2/

Mozilla 1.7.1 -- FTP Site for downloading
ftp://ftp.mozilla.org/pub/mozilla.org/moz...s/mozilla1.7.1/


Below is more information from the Internet Storm Center:

Mozilla issues security update for "shell" exploit
http://www.incidents.org/diary.php?date=2004-07-08

Posted Image

Mozilla and Firefox Update Fixes Vulnerability

It's time to update your browser, though this time the problem is not with Internet Explorer, but with Mozilla and Firefox running on Windows. As described in the eWeek article at

http://www.eweek.com/article2/0,1759,1621463,00.asp

A flaw in the way Mozilla and Firefox handled links containing the shell: suffix could allow a malicious web site to run arbitrary code on the visitor's system. We advise you to upgrade to Mozilla 1.7.1 or Firefox 0.9.2 to patch this vulnerability.

For more information about this vulnerability and ways of addressing it, please see http://mozilla.org/security/shell.html . This URL also points out that Thunderbird, an email client that's part of the Mozilla suite, is vulnerable, and explains how you can address the Thunderbird vulnerability as well.

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:13 AM

Posted 09 July 2004 - 07:35 AM

(KILL THE MESSENGER!)

Not really Harry.

Thanks once again for keeping us up to date and just a bit safer!
(Draw a ration of M&M's on me from Petty Candy!)
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:12:13 AM

Posted 11 July 2004 - 07:26 AM

I read somewhere this morning that the shell exploitation also affects Internet Explorer, that MS has admitted it, and that MS will issue a patch sometime in the next few weeks.

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#4 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:12:13 AM

Posted 11 July 2004 - 10:33 AM

I thought I should be more specific with my remark. Here is the relevant information:

“The same day, a Dutch security expert published sample code that showed how Internet Explorer is susceptible to the same vulnerability that Mozilla just patched. A configuration change or other fix for IE, however, is not yet available, although Microsoft has confirmed the vulnerability. It is investigating the problem and is planning on releasing a series of updates to its browser in the coming weeks, Microsoft said.”

"Mozilla Vulnerability Quickly Fixed." 09 Jul 2004. Tech Web News. Tech Web. 11 Jul 2004 <http://www.techweb.com/wire/story/TWB20040709S0006>.

Regards to all,
John
Whereof one cannot speak, thereof one should be silent.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users