Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mozilla Firefox / SeaMonkey Multiple Vulnerabilities


  • Please log in to reply
3 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:11:09 PM

Posted 29 April 2011 - 09:11 PM

In case anyone is still using FF 3.6 (like me), I just did my weekly PSI scan, FF 3.6.16 is flagged as vulnerable--Highly Critical. :

Secunia Advisory SA44357
Release Date 2011-04-29

Criticality level: Highly critical
Impact: Exposure of sensitive information

Privilege escalation
System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.5.x Mozilla Firefox 3.6.x Mozilla SeaMonkey 2.x

Solution: Update to Mozilla Firefox version 3.5.19 or 3.6.17 and Mozilla SeaMonkey version 2.0.14.

http://secunia.com/advisories/44357/


Secunia PSI is a must have program, IMHO. http://secunia.com/vulnerability_scanning/personal/

Edit to add: That took about 30 seconds to fix. Thanks, Secunia!
Posted Image

Edited by Union_Thug, 29 April 2011 - 09:21 PM.


BC AdBot (Login to Remove)

 


#2 ngм

ngм

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 PM

Posted 01 May 2011 - 05:06 PM

Great information, here, Union_Thug. My thought is the greater part of Mozilla users have upgraded to Firefox 4 already. Unfortunately, it didn't patch the memory leak issue and Zero Day Initiative flagged Mozilla with a vulnerability about 23 days ago. (ID: ZDI-CAN-1144); with a Severity of 9. I'm not sure if this encompasses Firefox 4, or earlier versions. It looks as though (from what I've read) that it hasn't been patched. It's always a good idea to make sure you stay up to date with all software, as well as have extensions for Mozilla such as HTTPS Everywhere, Ghostery, and TrackMeNot.

Secunia PSI is a must have program, IMHO. http://secunia.com/vulnerability_scanning/personal/


I couldn't agree more on the Secunia PSI note.
Nosce te ipsum.

#3 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:11:09 PM

Posted 01 May 2011 - 07:27 PM

Thanks for the info & link to ZDI & welcome to BC :)

#4 ngм

ngм

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 PM

Posted 01 May 2011 - 07:38 PM

You're very welcome. I wish ZDI provided more information on the vulnerabilities. I suppose it's a wait-and-see matter. Thank you for the warm welcome! It's much appreciated!
Nosce te ipsum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users